CVE-2023-27160: GitHub - forem/forem: For empowering community 🌱

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
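
The advisory above describes an SSRF reached through a crafted request to `/articles/{id}`; the usual defensive control for that class of bug is to validate any caller-influenced URL before the server fetches it. The Ruby below is an added illustration of such a guard and is not Forem's own code. `ssrf_rejection_reason`, `BLOCKED_RANGES` and the `FAKE_DNS` table are all constructed for this example; the stub resolver stands in for DNS so the block runs offline.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Address ranges an application-initiated fetch should never reach:
# loopback, RFC 1918, link-local (including cloud metadata endpoints),
# CGNAT, "this network", and their IPv6 / IPv4-mapped equivalents.
BLOCKED_RANGES = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
  "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
  "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96"
].map { |cidr| IPAddr.new(cidr) }.freeze

# Constructed name -> address table standing in for DNS (example data only).
FAKE_DNS = {
  "cdn.example.org"   => ["203.0.113.10"],
  "localhost"         => ["127.0.0.1"],
  "metadata.internal" => ["169.254.169.254"],
  "dual.example.org"  => ["203.0.113.11", "10.0.0.5"] # one public, one private
}.freeze
FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

# Returns a symbol naming why the URL must not be fetched, or nil when it
# passes every check. Every resolved address must be public; a host that
# resolves to a mix of public and private addresses is rejected outright.
def ssrf_rejection_reason(url, resolver: Resolv.method(:getaddresses))
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    return :unparseable
  end
  return :scheme unless %w[http https].include?(uri.scheme)

  host = uri.hostname # strips the [] around IPv6 literals
  return :no_host if host.nil? || host.empty?

  # Literal IP addresses are checked directly; names go through the resolver.
  addresses = begin
    IPAddr.new(host)
    [host]
  rescue IPAddr::InvalidAddressError
    resolver.call(host)
  end
  return :unresolvable if addresses.empty?

  addresses.each do |addr|
    ip = IPAddr.new(addr.to_s)
    ip = ip.native if ip.ipv4_mapped? # ::ffff:10.0.0.1 is really 10.0.0.1
    return :private_address if BLOCKED_RANGES.any? { |range| range.include?(ip) }
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  [
    "https://cdn.example.org/img.png",
    "http://127.0.0.1:6379/",
    "http://metadata.internal/latest",
    "http://[::ffff:10.0.0.1]/",
    "file:///etc/passwd"
  ].each do |u|
    puts "#{u} -> #{ssrf_rejection_reason(u, resolver: FAKE_RESOLVER).inspect}"
  end
end
```

Two caveats a practitioner would add around this check: the HTTP client must re-run it on every redirect hop (a public host that 302s to a loopback address otherwise bypasses it), and the connection should be opened to the address that was validated rather than re-resolving the name, since a second lookup can return a different, private answer.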


Forem 🌱

For Empowering Community

Welcome to the Forem codebase, the platform that powers dev.to. We are so excited to have you. With your help, we can build out Forem’s usability, scalability, and stability to better serve our communities.

What is Forem?

Forem is open source software for building communities. Communities for your peers, customers, fanbases, families, friends, and any other time and space where people need to come together to be part of a collective. See our announcement post for a high-level overview of what Forem is.

dev.to (or just DEV) is hosted by Forem. It is a community of software developers who write articles, take part in discussions, and build their professional profiles. We value supportive and constructive dialogue in the pursuit of great code and career growth for all members. The ecosystem spans from beginner to advanced developers, and all are welcome to find their place within our community. ❤️

Table of Contents

  • What is Forem?
  • Table of Contents
  • Community
  • Contributing
  • Getting Started
    • Prerequisites
      • Local
      • Containers
    • Installation Documentation
  • Developer Documentation
  • Core team
  • Vulnerability disclosure
  • Acknowledgements
  • License

Community

For a place to have open discussions on features, voice your ideas, or get help with general questions please visit our community at forem.dev.

Contributing

We encourage you to contribute to Forem! Please check out the Contributing to Forem guide for guidelines about how to proceed.

Getting Started

This section provides a high-level quick start guide. If you’re looking for a more thorough installation guide (for example with macOS), you’ll want to refer to our complete Developer Documentation.

We run on a Rails backend, and we are currently transitioning to a Preact-first frontend.

A more complete overview of our stack is available in our docs.

To launch Forem in Gitpod, navigate to https://gitpod.io/#https://github.com/{your_github_username}/forem.

Prerequisites

Local

  • Ruby: we recommend using rbenv to install the Ruby version listed on the badge.
  • Yarn 1.x: please refer to their installation guide.
  • PostgreSQL 11 or higher.
  • ImageMagick: please refer to ImageMagick’s installation instructions.
  • Redis 4 or higher.

Containers

Linux

  • Podman 1.9.2 or higher
  • Podman Compose 0.1.5 or higher

OS X

  • Docker Desktop for Mac

Installation Documentation

Please see our installation guides, such as the one for macOS.

Developer Documentation

Check out our dedicated docs page for more technical documentation.

Core team

  • @benhalpern
  • @jessleenyc
  • @peterkimfrank
  • @maestromac
  • @lightalloy
  • @ridhwana
  • @rt4914
  • @jaw6
  • @lboogie2004
  • @klardotsh

Vulnerability disclosure

Forem is the open source software which powers DEV.

We welcome security research on DEV under the terms of our vulnerability disclosure policy.

Acknowledgements

Thank you to the Twemoji project for the usage of their emojis.

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Please see the LICENSE file in our repository for the full text.

Like many open source projects, we require that contributors provide us with a Contributor License Agreement (CLA). By submitting code to the Forem project, you are granting us a right to use that code under the terms of the CLA.

Our version of the CLA was adapted from the Microsoft Contributor License Agreement, which they generously made available to the public domain under Creative Commons CC0 1.0 Universal.

Any questions, please refer to our license FAQ doc or email [email protected].

Happy Coding ❤️

