Discourse email sending function has a server-side request forgery (SSRF) vulnerability (PR #10509)

1. First, send a new email.

2. Choose to upload images from a website.

3. Send the mail.

4. The email has been sent.

5. Our remote server received a GET request from the site!

6. The vulnerability was tested in both versions 2.3.2 and 2.6.
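The report shows the server issuing a GET to whatever image URL the sender supplies. The following is an added example, not code from Discourse or from this report: a destination check a fetcher could run before requesting a remote image. The names `check_image_url`, `blocked_ip?` and `FAKE_DNS`, and all hostnames and addresses, are hypothetical and constructed for illustration.

```ruby
require "ipaddr"
require "uri"
require "resolv"

# Destinations a server-side image fetcher should never reach: loopback,
# RFC 1918, CGNAT, link-local (cloud metadata), and the IPv6 equivalents.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_ip?(ip_string)
  ip = IPAddr.new(ip_string).native # ::ffff:127.0.0.1 becomes 127.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::Error
  true # fail closed on anything that is not a parseable address
end

# Returns [true, ips] when every resolved address is public,
# otherwise [false, reason]. The resolver is injectable for offline testing.
def check_image_url(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return [false, "scheme not allowed"] unless %w[http https].include?(uri.scheme)
  host = uri.hostname
  return [false, "missing host"] if host.nil? || host.empty?
  literal = (IPAddr.new(host) rescue nil) # host given as an IP literal
  ips = literal ? [literal.to_s] : resolver.call(host)
  return [false, "host did not resolve"] if ips.empty?
  bad = ips.find { |ip| blocked_ip?(ip) }
  return [false, "resolves to blocked address #{bad}"] if bad
  [true, ips]
rescue URI::InvalidURIError
  [false, "unparseable URL"]
end

# Constructed DNS answers (assumption: stand-in for real resolution).
FAKE_DNS = {
  "images.example.com"   => ["93.184.216.34"],
  "intranet.example.com" => ["10.0.0.5"],
  "mixed.example.com"    => ["93.184.216.34", "127.0.0.1"]
}.freeze
FAKE_RESOLVER = ->(host) { FAKE_DNS.fetch(host, []) }

%w[http://images.example.com/a.png http://intranet.example.com/logo.png
   http://169.254.169.254/x http://mixed.example.com/y file:///etc/hosts].each do |u|
  ok, detail = check_image_url(u, resolver: FAKE_RESOLVER)
  puts "#{ok ? 'ALLOW' : 'DENY '} #{u} (#{Array(detail).join(', ')})"
end
```

The check only holds if the fetcher then connects to one of the returned addresses rather than resolving the name again, and repeats the check on every redirect hop.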
