CVE-2021-41163 – Discourse / Discourse – Command injection
Summary:
CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.
PoC Links (if available):
0day: Discourse SNS webhook RCE – https://0day.click/recipe/discourse-sns-rce/
Known Counter Measures:
Discourse addressed the vulnerability with a patch committed to its GitHub repository.
Links to patches (if available):
https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9