Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
discourse discourse 2.3.2 |
||
discourse discourse 2.6.0 |