{"id":"BIT-discourse-2022-39232","details":"Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.","aliases":["CVE-2022-39232","GHSA-cv64-v73f-7wq5"],"modified":"2025-10-08T05:27:08.671384Z","published":"2024-03-06T11:04:12.279Z","database_specific":{"cpes":["cpe:2.3:a:discourse:discourse:2.9.0:beta5:*:*:*:*:*:*","cpe:2.3:a:discourse:discourse:2.9.0:beta6:*:*:*:*:*:*","cpe:2.3:a:discourse:discourse:2.9.0:beta7:*:*:*:*:*:*","cpe:2.3:a:discourse:discourse:2.9.0:beta8:*:*:*:*:*:*","cpe:2.3:a:discourse:discourse:2.9.0:beta9:*:*:*:*:*:*"],"severity":"Medium"},"references":[{"type":"WEB","url":"https://github.com/discourse/discourse/commit/eab33af5bf19827527fe79134d865b5c727f6530"},{"type":"WEB","url":"https://github.com/discourse/discourse/pull/18311"},{"type":"WEB","url":"https://github.com/discourse/discourse/security/advisories/GHSA-cv64-v73f-7wq5"}],"affected":[{"package":{"name":"discourse","ecosystem":"Bitnami","purl":"pkg:bitnami/discourse"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.9.0-beta5"},{"last_affected":"2.9.0-beta5"},{"introduced":"2.9.0-beta6"},{"last_affected":"2.9.0-beta6"},{"introduced":"2.9.0-beta7"},{"last_affected":"2.9.0-beta7"},{"introduced":"2.9.0-beta8"},{"last_affected":"2.9.0-beta8"},{"introduced":"2.9.0-beta9"},{"last_affected":"2.9.0-beta9"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/discourse/BIT-discourse-2022-39232.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}