Cache poisoning via maliciously-formed request
Package
No package listed
Affected versions
stable <= 2.7.9; beta <= 2.8.0.beta7; tests-passed <= 2.8.0.beta7
Patched versions
stable >= 2.7.10; beta >= 2.8.0.beta8; tests-passed <= 2.8.0.beta8
Impact
A maliciously crafted request could cause an error response to be cached by intermediate proxies.
Patches
This issue is patched in the latest stable, beta and tests-passed versions of Discourse.