Discourse Footnote Discourse Footnote

Do you want an email whenever new security vulnerabilities are reported in Discourse Footnote?

By the Year

In 2023 there have been 0 vulnerabilities in Discourse Footnote . Discourse Footnote did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 0 0.00
2021 1 4.30
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Discourse Footnote vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Discourse Footnote Security Vulnerabilities

discourse-footnote is a library providing footnotes for posts in Discourse

CVE-2021-43827 4.3 - Medium - December 14, 2021

discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue.

Improper Handling of Exceptional Conditions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Discourse Footnote or by Discourse? Click the Watch button to subscribe.