Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.
We have discovered 1,435 live websites that are affected by CVE-2023-47121.

Field | Value |
---|---|
Product | Discourse |
Category | Message Boards |
Vulnerable Domains | 1,435 live websites (27.47% of Discourse install base) |
Vulnerable Versions | |
Vulnerable Versions Count | 81 versions (85.26% of all versions) |

Country | Vulnerable websites |
---|---|
United States | 967 websites |
Germany | 121 websites |
France | 77 websites |
Singapore | 41 websites |
China | 33 websites |
GB | 19 websites |
Russia | 15 websites |
Netherlands | 13 websites |
Switzerland | 13 websites |

TLD | Vulnerable websites |
---|---|
.com | 593 websites |
.org | 227 websites |
.net | 72 websites |
.io | 70 websites |
.de | 28 websites |
.fr | 20 websites |
.co | 17 websites |
.ru | 16 websites |
.eu | 14 websites |
.com.br | 12 websites |