
Cloud Vulnerability DB
A community-led vulnerabilities database
Discourse, an open source platform for community discussion, disclosed a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2023-47121. It affects versions prior to 3.1.3 on the stable branch and prior to 3.2.0.beta3 on the beta and tests-passed branches. The vulnerability was discovered and disclosed on November 10, 2023 (NVD).
The vulnerability exists in the embedding feature of Discourse, which is susceptible to server-side request forgery. The issue received a CVSS v3.1 base score of 9.8 CRITICAL from NIST (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), while GitHub assessed it with a lower severity score of 3.4 LOW (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). The vulnerability is classified as CWE-918 Server-Side Request Forgery (SSRF) (NVD, GitHub Advisory).
The SSRF vulnerability could allow attackers to make unauthorized server-side requests through the embedding feature, potentially leading to unauthorized access to internal resources or data exposure (GitHub Advisory).
The vulnerability has been patched in version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches. As a workaround, administrators can disable the Embedding feature if immediate updating is not possible (NVD, GitHub Advisory).
Source: This report was generated using AI