Skip to content

Incomplete quote can cause a topic to crash in the browser

Low
jomaxro published GHSA-cv64-v73f-7wq5 Sep 29, 2022

Package

Discourse (Discourse)

Affected versions

v2.9.0.beta5 - 2.9.0.beta9

Patched versions

>= 2.9.0.beta10

Description

Impact

In some cases, an incomplete quote can generate a JavaScript error which will crash the current page in the browser.

Patches

Added a fix and tests to ensure incomplete quotes won't break the app.

Workarounds

The quote can be fixed via the rails console.

Severity

Low

CVE ID

CVE-2022-39232

Weaknesses

No CWEs