Usage subject to Terms and Conditions

Critical RCE Vulnerability in Discourse 

Critical RCE Vulnerability in Discourse 

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse

Original release date: October 24, 2021

Discourse—an open source discussion platform—has released a security advisory to address a critical remote code execution (RCE) vulnerability (CVE-2021-41163) in Discourse versions 2.7.8 and earlier. 

CISA urges developers to update to patched versions 2.7.9 or later or apply the necessary workarounds. 

For more information, see RCE via malicious SNS subscription payload.

This product is provided subject to this Notification and this Privacy & Use policy.

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse