CVE-2022-31182: SECURITY: Do not cache error responses for static assets (stable) · discourse/discourse@7af2554

Discourse is an open source discussion platform. In affected versions, a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
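An added example, not code from the Discourse repository: a small audit that flags `proxy_cache_valid` rules in an NGINX configuration that would cache error responses, which is the condition this advisory describes. The sample configuration is constructed from the directives shown in the commit; the function name and the `location` pattern are assumptions, and the parser assumes one directive per line.

```python
import re

# Constructed sample built from the directives visible in the commit's hunk.
SAMPLE_CONF = '''
location ~ ^/assets/ {   # constructed location pattern, not from the page
    proxy_cache one;
    proxy_cache_key "$scheme,$host,$request_uri";
    proxy_cache_valid 200 301 302 7d;
    proxy_cache_valid any 1m;
    # proxy_cache_valid 404 5m;  (commented out, must be ignored)
    proxy_pass http://discourse;
}
'''

RULE = re.compile(r"proxy_cache_valid\s+([^;]+);")


def cached_error_rules(conf):
    """Return (line_no, directive, offending_codes) for rules that cache errors.

    Hypothetical helper. Assumes one directive per line and no '#'
    inside quoted strings on proxy_cache_valid lines.
    """
    findings = []
    for line_no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        match = RULE.match(line)
        if not match:
            continue
        # The last token is the cache time; anything before it is a status code.
        *codes, _ttl = match.group(1).split()
        # nginx: with only a time given, just 200, 301 and 302 are cached,
        # so an empty code list is not a finding.
        bad = [c for c in codes if c == "any" or (c.isdigit() and int(c) >= 400)]
        if bad:
            findings.append((line_no, line, bad))
    return findings


if __name__ == "__main__":
    for line_no, directive, codes in cached_error_rules(SAMPLE_CONF):
        print(f"line {line_no}: {directive}  caches error statuses: {codes}")
```
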


SECURITY: Do not cache error responses for static assets (stable)


1 parent f0ef186 commit 7af25544c3940c4d046c51f4cfac9c72a06d4f50

Showing 1 changed file with 0 additions and 1 deletion.

@@ -247,7 +247,6 @@ server {

proxy_cache one;

proxy_cache_key "$scheme,$host,$request_uri";

proxy_cache_valid 200 301 302 7d;

proxy_cache_valid any 1m;

proxy_cache_bypass $bypass_cache;

proxy_pass http://discourse;

break;
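
Review bot: The location block ends up with `proxy_cache_valid 200 301 302 7d;` as its only validity rule, but nothing next to it records that error responses are deliberately left uncached; add a one-line comment above it so a later edit does not reintroduce an `any` rule. The rendering here has dropped the +/- markers, so the single deleted line is not marked; going by the commit title and the 0 additions / 1 deletion count, it reads as `proxy_cache_valid any 1m;`. It is also worth confirming that error responses from the `discourse` upstream carry no Cache-Control or Expires header, since NGINX gives those headers priority over `proxy_cache_valid`.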
