=====================================================================
                            CERT-Renater

                Information Note No. 2021/VULN549
_____________________________________________________________________

DATE                : 21/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Discourse versions prior to
                      2.7.9, 2.8.0.beta7, 2.8.0.beta7.

=====================================================================
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
_____________________________________________________________________

RCE via malicious SNS subscription payload

Severity: critical

ZogStriP published GHSA-jcjx-pvpc-qgwq Oct 20, 2021

Package
  Discourse (Discourse)

Affected versions
  stable <= 2.7.8; beta <= 2.8.0.beta6; tests-passed <= 2.8.0.beta6

Patched versions
  stable >= 2.7.9; beta >= 2.8.0.beta7; tests-passed >= 2.8.0.beta7

Description

Impact

A validation bug in the upstream aws-sdk-sns gem can lead to RCE in
Discourse via a maliciously crafted request.

Patches

This issue is patched in the latest stable, beta and tests-passed
versions of Discourse.

Workarounds

To work around the issue without updating, requests with a path
starting /webhooks/aws could be blocked at an upstream proxy.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
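
One way to check the workaround described above once it is deployed, as an added example that is not part of the advisory or of Discourse: a Python audit of proxy access logs for requests to the /webhooks/aws prefix. It assumes the proxy writes Combined Log Format and that its block rule answers with 403; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

BLOCKED_PREFIX = "/webhooks/aws"  # path prefix named in the advisory's workaround
BLOCK_STATUS = 403                # assumption: status returned by the proxy block rule

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalized_path(target):
    """Drop the query string, percent-decode and collapse repeated slashes,
    so the match does not depend on how the client spelled the path."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def audit(lines):
    """Return (blocked, passed): requests to the prefix that the proxy
    answered with BLOCK_STATUS, and those that got any other status."""
    blocked, passed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalized_path(m["target"]).startswith(BLOCKED_PREFIX):
            continue  # unparseable line or unrelated path
        hit = (m["ip"], m["time"], m["method"], m["target"], int(m["status"]))
        (blocked if hit[4] == BLOCK_STATUS else passed).append(hit)
    return blocked, passed

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [21/Oct/2021:09:14:02 +0000] "POST /webhooks/aws HTTP/1.1" 403 153 "-" "-"',
    '203.0.113.20 - - [21/Oct/2021:09:15:40 +0000] "POST /webhooks/aws?x=1 HTTP/1.1" 200 2 "-" "-"',
    '203.0.113.20 - - [21/Oct/2021:09:16:11 +0000] "GET /latest HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.9 - - [21/Oct/2021:09:17:55 +0000] "POST //webhooks/aws HTTP/1.1" 403 153 "-" "-"',
]

if __name__ == "__main__":
    blocked, passed = audit(SAMPLE)
    print(f"{len(blocked)} request(s) blocked at the proxy")
    for ip, when, method, target, status in passed:
        # Any other status means the block rule did not answer this request.
        print(f"NOT BLOCKED: {when} {ip} {method} {target} -> {status}")
```

Entries in the second list dated after the rule went live mean the block rule did not answer those requests, so the proxy configuration needs review.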