CVE-2021-43827 - OpenCVE

Vendors	Products
Discourse	Discourse Footnote

Link	Providers
https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab
https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57

{"containers": {"cna": {"affected": [{"product": "discourse-footnote", "vendor": "discourse", "versions": [{"status": "affected", "version": "< 0.2"}]}], "descriptions": [{"lang": "en", "value": "discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-14T22:20:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab"}], "source": {"advisory": "GHSA-58vr-c56v-qr57", "discovery": "UNKNOWN"}, "title": "Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43827", "STATE": "PUBLIC", "TITLE": "Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "discourse-footnote", "version": {"version_data": [{"version_value": "< 0.2"}]}}]}, "vendor_name": "discourse"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57", "refsource": "CONFIRM", "url": "https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57"}, {"name": "https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab", "refsource": "MISC", "url": "https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab"}]}, "source": {"advisory": "GHSA-58vr-c56v-qr57", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:08.963Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43827", "datePublished": "2021-12-14T22:20:09", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:discourse:discourse_footnote:*:*:*:*:*:discourse:*:*", "matchCriteriaId": "08855F99-016D-4D36-A462-6D60CB5C970F", "versionEndExcluding": "0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `<a>` tags (e.g. `<a>^[footnote]</a>`, the resulting rendered HTML would include a nested `<a>`, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `<a>` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue."}, {"lang": "es", "value": "discourse-footnote es una biblioteca que proporciona notas a pie de p\u00e1gina para los mensajes en Discourse. ### Impacto Cuando es publicada una nota al pie de p\u00e1gina en l\u00ednea envuelta en etiquetas \"(a)\" (por ejemplo, \"(a)^[footnote](/a)\", el HTML resultante incluye un \"(a)\" anidado, que es eliminado por Nokogiri porque no es v\u00e1lido. Esto causaba un error de javascript en las p\u00e1ginas de los temas porque busc\u00e1bamos un elemento \"(a)\" dentro del span de referencia de la nota al pie y obten\u00edamos su ID, y como no se presentaba obten\u00edamos un error de referencia null en javascript. Es recomendado a usuarios que actualicen a la versi\u00f3n 0.2. Como soluci\u00f3n a este problema, pueden editarse las entradas en cuesti\u00f3n desde la consola de rails o la consola de la base de datos en el caso de los auto alojados, o deshabilitar el plugin en el panel de administraci\u00f3n"}], "id": "CVE-2021-43827", "lastModified": "2021-12-29T20:31:48.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Primary"}]}, "published": "2021-12-14T23:15:08.020", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object