CVE-2022-39232 - Unspecified vulnerability in Discourse 2.9.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: LOW
Summary
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
References
- https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530
- https://github.com/discourse/discourse/pull/18311
- https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5