CVE-2020-24327 – Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.

4 years ago

Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24327

Reference (s):

https://github.com/discourse/discourse/pull/10509
https://github.com/purple-WL/Discourse-sending-email-function-exist-Server-side-request-forgery-SSRF-/issues/1