CVE-2021-41163 – Discourse / Discourse – Command injection

December 8, 2021

CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.

Summary:

CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.

PoC Links(if available):

0day : Discourse SNS webhook RCE –
https://0day.click/recipe/discourse-sns-rce/

Known Counter Measures:

Discourse addressed the vulnerability in a GitHub software development platform saved commit change with a patch.

Links to patches(if available)

https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9

You may have missed

CISA Logo

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

November 23, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

November 23, 2024
CISA Logo

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

November 23, 2024
CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 23, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

November 23, 2024