CVE-2021-41163 – Discourse / Discourse – Command injection

Summary:

CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.

PoC Links (if available):

0day: Discourse SNS webhook RCE – https://0day.click/recipe/discourse-sns-rce/

Known Counter Measures:

Discourse addressed the vulnerability with a patch committed to its GitHub repository.

Links to patches (if available):

https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9