A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed by the developer in an urgent update on Friday.
Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features.
The vulnerable versions are 2.7.8 and older, and the best way to address the risk is to update to 2.7.9 or later, which came out on Friday. The latest beta and test versions have also been patched against the flaw.
According to official stats, Discourse was used to publish 3.5 million posts viewed by 405 million users in September 2021 alone.