Discourse Footnote
By the Year
In 2024 there have been 0 vulnerabilities in Discourse Footnote . Discourse Footnote did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 4.30 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Discourse Footnote vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Discourse Footnote Security Vulnerabilities
discourse-footnote is a library providing footnotes for posts in Discourse
CVE-2021-43827
4.3 - Medium
- December 14, 2021
discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue.
Improper Handling of Exceptional Conditions
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Discourse Footnote or by Discourse? Click the Watch button to subscribe.
