Vulnerability Database

309,103

Total vulnerabilities in the database

CVE-2021-41271

Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.

  • Published: Nov 15, 2021
  • Updated: Nov 16, 2025
  • CVE: CVE-2021-41271
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.8
  • AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
discourse / discourse 2.8.0-beta1 2.8.0-beta1.x
discourse / discourse 2.8.0-beta2 2.8.0-beta2.x
discourse / discourse 2.8.0-beta3 2.8.0-beta3.x
discourse / discourse 2.8.0-beta4 2.8.0-beta4.x
discourse / discourse 2.8.0-beta5 2.8.0-beta5.x
discourse / discourse 2.8.0-beta6 2.8.0-beta6.x
discourse / discourse 2.8.0-beta7 2.8.0-beta7.x
discourse / discourse - 2.7.9.x