Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse: Cross-Site Data Exposure via Backup Restore Metacommand Injection in Multisite Deployments
Vulnerability Description
Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups, this allowed an admin of one site to access data or credentials from other sites. This issue is fixed in version 3.5.1.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Discourse 命令注入漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.5.0及之前版本存在命令注入漏洞,该漏洞源于恶意元命令可嵌入备份转储并在还原期间执行,可能导致访问其他站点数据或凭据。
CVSS Information
N/A
Vulnerability Type
N/A