CISA urges admins to patch critical Discourse code execution bug

25 October 2021

A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features. The vulnerable versions are 2.7.8 and older, and the best way to address the risk is to update to 2.7.9 or later, which came out on Friday.

Read full article on Bleeping Computer

Date:

25 October 2021

Categorie(s):

NEWS

Tag(s):

CISA, Discourse, IT, News, Softwares

Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024
Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024