In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
discourse discourse 2.9.0 |
||
discourse discourse |