CNNVD-202510-012 Information
CNNVD ID
CNNVD-202510-012
Related CVE
- CNNVD Published: 2025-10-01
Description (Chinese)
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0及之前版本存在命令注入漏洞,该漏洞源于恶意元命令可嵌入备份转储并在还原期间执行,可能导致访问其他站点数据或凭据。
Description (English)
Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. Discourse 3.5.0 and previous versions of the order fill a loophole, which arises from the fact that a malicious meta-order can be embedded in the backup dump and executed during the restoration period, which may result in access to other site data or evidence.
Hazard Level
High
Vulnerability Type
命令注入
Published
2025-10-01
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/commit/43536b60d012cc8084e7e701d6afab9ba01e28a5 https://github.com/discourse/discourse/security/advisories/GHSA-7xjr-4f4g-9887
Patch
https://github.com/discourse/discourse/tags
Share on: