A critical RCE flaw in the open-source Internet forum Discourse, tracked as CVE-2021-41163, has been addressed in an urgent update on Friday.
What Is Discourse?
Discourse, which was founded in 2013, is an open-source Internet forum and mailing list management platform. According to Wikipedia, the application is written with Ember.js and Ruby on Rails. PostgreSQL serves as its back-end database management system.
Discourse deviates from existing forum software in terms of usability by incorporating features recently popularized by large social networks, including infinite scrolling, live updates, expanding links, and drag-and-drop attachments.
Versions 2.7.8 and earlier are affected, and the best approach to mitigate the risk is to update to 2.7.9 or later, which was released last week. The issue has also been addressed in the most recent beta and test versions.
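A small version check written for this article (not code from Discourse or the advisory) that classifies an installed version against the fix boundary above. It assumes Discourse version strings look like "2.7.8" or, for pre-release builds, "2.8.0.beta6"; because the article only says the latest beta and test builds are patched, pre-release builds above the boundary are reported as "verify" rather than "fixed".

```python
import re
from typing import Optional, Tuple

# Boundary stated in the advisory: 2.7.8 and earlier affected, 2.7.9 and later fixed.
FIXED_RELEASE = (2, 7, 9)

# Assumed format: "MAJOR.MINOR.PATCH" with an optional pre-release tag such as ".beta6".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+\d*))?$")


def parse_version(text: str) -> Tuple[Tuple[int, int, int], Optional[str]]:
    """Split a Discourse version string into (major, minor, patch) and an optional pre-release tag."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Discourse version string: {text!r}")
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return release, m.group(4)


def assess(text: str) -> str:
    """Return "affected", "fixed" or "verify" for CVE-2021-41163.

    "verify" is returned for pre-release builds at or above the fixed release:
    a beta that predates the patch may still be vulnerable, so check the
    release notes for that specific build.
    """
    release, pre = parse_version(text)
    if release < FIXED_RELEASE:
        # Anything below 2.7.9, pre-release or not, predates the fix.
        return "affected"
    if pre is not None:
        return "verify"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not real instance data.
    for v in ("2.7.8", "2.7.9", "2.6.0", "2.8.0.beta6"):
        print(f"{v}: {assess(v)}")
```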
According to official figures, the open-source platform for community discussion was used to publish 3.5 million posts in September 2021, which were seen by 405 million users.
Due to its popularity, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the vulnerability, encouraging forum administrators to update to the most recent available version or take the necessary steps to protect their instances from attack.