CVE-2021-41163 – Discourse / Discourse – Command injection

December 8, 2021

CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.

Summary:

CVE-2021-41163 is a command injection vulnerability impacting multiple versions of Discourse. An exploit was observed in open source and subsequently shared in the underground.

PoC Links(if available):

0day : Discourse SNS webhook RCE –
https://0day.click/recipe/discourse-sns-rce/

Known Counter Measures:

Discourse addressed the vulnerability in a GitHub software development platform saved commit change with a patch.

Links to patches(if available)

https://github.com/discourse/discourse/commit/fa3c46cf079d28b086fe1025349bb00223a5d5e9

You may have missed

alerts

Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

April 25, 2024
image

CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

April 25, 2024
hkcert

Cisco Products Multiple Vulnerabilities

April 25, 2024
HIBP Banner 1

T2 – 94,584 breached accounts

April 25, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

April 25, 2024