Critical Remote Code Execution Vulnerability in Discourse Platform
26 October 2021
The developers of Discourse, an open-source discussion platform, have released a security update to address a critical remote code execution vulnerability (CVE-2021-41163). This vulnerability may allow an unauthenticated attacker to exploit the platform via a maliciously crafted request.
The vulnerability affects Discourse versions 2.7.8 and earlier.
Users and administrators of the affected versions are advised to upgrade to the latest versions immediately.
More information is available here:
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
https://www.bleepingcomputer.com/news/security/cisa-urges-admins-to-patch-critical-discourse-code-execution-bug/