CVE-2023-47121 Information

Description

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server-side request forgery (SSRF). The issue is patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. As a workaround, disable the Embedding feature.

Reference

https://github.com/discourse/discourse/security/advisories/GHSA-hp24-94qf-8cgc
https://github.com/discourse/discourse/commit/24cca10da731734af4e9748de99a508d586e59f1
https://github.com/discourse/discourse/commit/5f20748e402223b265e6fee381472c14e2604da6
