Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Discourse is missing Cache-Control response header on error responses
Vulnerability Description
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.
CVSS Information
N/A
Vulnerability Type
通过缓存导致的信息暴露
Vulnerability Title
Discourse 安全漏洞
Vulnerability Description
Discourse是Discourse开源的一套开源的社区讨论平台。该平台包括社区、电子邮件和聊天室等功能。 Discourse 3.6.2之前版本和3.6.0.beta2版本存在安全漏洞,该漏洞源于错误响应中缺少默认Cache-Control响应标头,可能导致代理缓存污染攻击。
CVSS Information
N/A
Vulnerability Type
N/A