SSRF protection missing for some FastImage requests
Package
Discourse (Discourse)
Affected versions
stable <= 3.1.0; beta <= 3.1.0.beta2; tests-passed <= 3.1.0.beta2
Patched versions
stable >= 3.1.0; beta >= 3.1.0.beta3; tests-passed >= 3.1.0.beta3
Impact
Some user-provided URLs were being passed to FastImage without SSRF protection.
Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses.
This affects any site running the tests-passed or beta branches <= 3.1.0.beta2.
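The class of check that was missing is illustrated below. This is an added example, not Discourse's own code or its patch: a URL validator that resolves the host and refuses anything that lands in loopback, private, link-local or other non-routable ranges before a fetcher such as FastImage is allowed to open a connection. The `FAKE_DNS` table, the `resolver:` keyword and the function names are assumptions made for the example; the constructed table stands in for real DNS so the block runs offline.

```ruby
require "ipaddr"
require "resolv"
require "uri"

# Added example (not Discourse code). Address ranges a server should never
# contact on behalf of a user-supplied URL. Assumed list; extend to taste.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }

# True when the address falls in a blocked range. IPv4-mapped IPv6 addresses
# (::ffff:10.0.0.1) are unwrapped first so they cannot slip past the IPv4 rules.
# Anything that does not parse as an address is treated as blocked (fail closed).
def blocked_ip?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
rescue IPAddr::InvalidAddressError
  true
end

# Decide whether a user-provided URL may be handed to an outbound fetcher.
# Only http/https are accepted; IP literals are checked directly, hostnames
# are resolved and every returned address must be public. The resolver is
# injectable so the check can be exercised without network access.
def ssrf_safe_url?(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return false unless uri.is_a?(URI::HTTP)      # URI::HTTPS is a subclass
  host = uri.hostname                           # strips [] from IPv6 literals
  return false if host.nil? || host.empty?
  literal = (IPAddr.new(host) rescue nil)
  addresses = literal ? [host] : resolver.call(host)
  return false if addresses.empty?              # unresolvable: fail closed
  addresses.none? { |ip| blocked_ip?(ip) }      # all answers must be public
rescue URI::InvalidURIError
  false
end

# Constructed DNS answers for the demonstration (not real hosts).
FAKE_DNS = {
  "public.example"   => ["203.0.113.10"],
  "internal.example" => ["10.0.0.5"],
  "mixed.example"    => ["203.0.113.10", "192.168.1.1"],  # one bad answer poisons the set
  "v6.example"       => ["::ffff:127.0.0.1"],
}.freeze

FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

# Runs the sample URLs through the check and returns a url => verdict map.
def demo
  [
    "https://public.example/avatar.png",
    "https://internal.example/avatar.png",
    "http://mixed.example/avatar.png",
    "http://v6.example/avatar.png",
    "http://127.0.0.1/avatar.png",
    "http://[::1]/avatar.png",
    "http://169.254.10.20/avatar.png",
    "ftp://public.example/avatar.png",
    "http://unknown.example/avatar.png",
  ].to_h { |url| [url, ssrf_safe_url?(url, resolver: FAKE_RESOLVER)] }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |url, ok| puts "#{ok ? 'allow' : 'block'}  #{url}" }
end
```

Two caveats a validator like this does not cover on its own: the fetcher must connect to the address that was checked (otherwise a second DNS lookup can return a different answer), and redirects must be re-validated at every hop, since a public host can redirect to an internal one.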
Patches
The issue is patched in the latest beta and tests-passed version of Discourse.
Workarounds
None.