discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `` tags (e.g. `^[footnote]`, the resulting rendered HTML would include a nested ``, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue.
Find out more about CVE-2021-43827 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Linux | ||||
| Wind River Linux LTS 17 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 8 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 9 | Not Vulnerable | -- | -- | -- |
| Wind River Linux 7 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 21 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 18 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 19 | Not Vulnerable | -- | -- | -- |
| Wind River Linux CD release | Not Vulnerable | -- | -- | -- |
| Wind River Linux 6 | Not Vulnerable | -- | -- | -- |
| Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
| VxWorks | ||||
| VxWorks 7 | Not Vulnerable | -- | -- | -- |
| VxWorks 6.9 | Not Vulnerable | -- | -- | -- |
| Helix Virtualization Platform Cert Edition | ||||
| Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
| Product Name | Status | Defect | Fixed | Downloads |
|---|
