Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse vulnerable to RCE via admins uploading maliciously zipped file
Vulnerability Description
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Discourse 代码问题漏洞
Vulnerability Description
Discourse是一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 2.8.9.stable之前版本和2.9.0.beta10之前版本存在代码问题漏洞,该漏洞源于管理员可以上传恶意制作的Zip或Gzip Tar存档,在任意位置写入文件并触发远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A