{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:12:16.783","vulnerabilities":[{"cve":{"id":"CVE-2021-43827","sourceIdentifier":"security-advisories@github.com","published":"2021-12-14T23:15:08.020","lastModified":"2024-11-21T06:29:52.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"discourse-footnote is a library providing footnotes for posts in Discourse. ### Impact When posting an inline footnote wrapped in `` tags (e.g. `^[footnote]`, the resulting rendered HTML would include a nested ``, which is stripped by Nokogiri because it is not valid. This then caused a javascript error on topic pages because we were looking for an `` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in javascript. Users are advised to update to version 0.2. As a workaround editing offending posts from the rails console or the database console for self-hosters, or disabling the plugin in the admin panel can mitigate this issue."},{"lang":"es","value":"discourse-footnote es una biblioteca que proporciona notas a pie de página para los mensajes en Discourse. ### Impacto Cuando es publicada una nota al pie de página en línea envuelta en etiquetas \"(a)\" (por ejemplo, \"(a)^[footnote](/a)\", el HTML resultante incluye un \"(a)\" anidado, que es eliminado por Nokogiri porque no es válido. Esto causaba un error de javascript en las páginas de los temas porque buscábamos un elemento \"(a)\" dentro del span de referencia de la nota al pie y obteníamos su ID, y como no se presentaba obteníamos un error de referencia null en javascript. Es recomendado a usuarios que actualicen a la versión 0.2. Como solución a este problema, pueden editarse las entradas en cuestión desde la consola de rails o la consola de la base de datos en el caso de los auto alojados, o deshabilitar el plugin en el panel de administración"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:discourse:discourse_footnote:*:*:*:*:*:discourse:*:*","versionEndExcluding":"0.2","matchCriteriaId":"08855F99-016D-4D36-A462-6D60CB5C970F"}]}]}],"references":[{"url":"https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/discourse/discourse-footnote/commit/796617e0131277011207541313522cd1946661ab","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/discourse/discourse-footnote/security/advisories/GHSA-58vr-c56v-qr57","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}