CNNVD-202510-3776 Information

Oct 28, 2025 cve

CNNVD ID

CNNVD-202510-3776

CVE-2025-61598

CNNVD Published: 2025-10-28

Description (Chinese)

Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.6.2之前版本和3.6.0.beta2版本存在安全漏洞，该漏洞源于错误响应中缺少默认Cache-Control响应标头，可能导致代理缓存污染攻击。

Description (English)

Discourse is an open-source community discussion platform for Discourse. The platform includes community, e-mail and chat rooms. There is a safety loophole in previous and 3.6.0.beta2 versions of Discourse 3.6.2, which stems from the absence of a default Cache-Control response header in the error response, which could lead to a proxy cache of pollution attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Discourse

Published

2025-10-28

Last Modified

2026-02-24

References

https://github.com/discourse/discourse/commit/3ea1b663c82c067e5ca778db846bad1e082ba6cd https://github.com/discourse/discourse/security/advisories/GHSA-jp9x-wwv6-cv3j https://github.com/discourse/discourse/commit/fd567af7bf5a15c70772021acbdf5d38487a31bc https://access.redhat.com/security/cve/cve-2025-61598

Patch

https://www.discourse.org/

Share on: