Issue Description During a security assessment of our customized Discourse deployment, we discovered a potential directory traversal vulnerability related to the /uploads/* endpoint. Problem Details Accessing /uploads/ allows users to fetch files from arbitrary upload directories by manipulating …

Potential Directory Traversal: /uploads/* allows cross-directory file access

Moin July 8, 2025, 10:42am 2

Maybe you are interested in the secure-uploads feature.

3 Likes