Vulnerability Description
Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Discourse | Discourse | 2.9.0 |
Related Weaknesses (CWE)
References
- https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c72 (Patch, Third Party Advisory)
- https://github.com/discourse/discourse/pull/18311 (Patch, Third Party Advisory)
- https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5 (Third Party Advisory)
FAQ
What is CVE-2022-39232?
CVE-2022-39232 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current p...
How severe is CVE-2022-39232?
CVE-2022-39232 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-39232?
Check the references section above for vendor advisories and patch information. Affected products include: Discourse Discourse.