Cache poisoning via maliciously-formed request

Low
jomaxro published GHSA-hf6r-mc9j-hf4p Nov 15, 2021

Package

No package listed

Affected versions

stable <= 2.7.9; beta <= 2.8.0.beta7; tests-passed <= 2.8.0.beta7

Patched versions

stable >= 2.7.10; beta >= 2.8.0.beta8; tests-passed <= 2.8.0.beta8

Description

Impact

A maliciously crafted request could cause an error response to be cached by intermediate proxies.

Patches

This issue is patched in the latest stable, beta and tests-passed versions of Discourse.

Severity

Low 3.7 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE ID

CVE-2021-41271

Weaknesses

No CWEs
