CNNVD-202601-4669 Information
CNNVD ID
CNNVD-202601-4669
Related CVE
- CNNVD Published: 2026-01-28
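Description (translated from Chinese)
Discourse is an open-source community discussion platform from Discourse. The platform includes features such as communities, email, and chat rooms. Discourse versions before 3.5.4, before 2025.11.2, before 2025.12.1, and before 2026.1.0 contain a code issue vulnerability, which stems from a hostname validation issue in FinalDestination that may allow SSRF protection to be bypassed.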
Description (English)
Discourse is an open-source community discussion platform developed by Discourse. The platform includes community, email, and chat room features. Discourse versions before 3.5.4, before 2025.11.2, before 2025.12.1, and before 2026.1.0 have a code issue vulnerability: a hostname validation problem in FinalDestination may allow the SSRF protection to be bypassed.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Discourse
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/discourse/discourse/security/advisories/GHSA-gcfp-rjfc-925c
https://access.redhat.com/security/cve/cve-2025-68662
Patch
https://github.com/discourse/discourse/tags