CRITICAL🇬🇧 English

CVE-2022-36066

CVSS 9.1v3.1pub. 2022-09-29upd. 2024-11-21

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Discourse

    APP
    Discourse
    2.9.0< 2.8.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2021-41163CRITICAL10.0ten sam produkt

Discourse is an open source platform for community discussion. In affected versions maliciously crafted reques...

CVE-2026-27934HIGH8.7ten sam produkt

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 h...

CVE-2026-29072HIGH8.2ten sam produkt

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, ...

CVE-2026-26078HIGH7.5ten sam produkt

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the...

CVE-2026-26265HIGH7.5ten sam produkt

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR ...