PT-2022-24828 · Discourse · Discourse

Lowjomaxro · Published 2022-09-29 · Updated 2024-03-06 · CVE-2022-39232

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.9.0.beta5 through 2.9.0.beta9

Description: The issue arises when an incomplete quote generates a JavaScript error, potentially crashing the current page in the browser. This occurs in certain cases and is related to how the platform handles quotes. The problem is resolved in version 2.9.0.beta10, which includes a fix and additional tests to prevent incomplete quotes from causing issues.

Recommendations: For versions 2.9.0.beta5 through 2.9.0.beta9, update to version 2.9.0.beta10 to resolve the issue. As a temporary workaround for affected versions, the quote can be fixed via the rails console.

Related Identifiers

BIT-DISCOURSE-2022-39232
CVE-2022-39232
GHSA-CV64-V73F-7WQ5

Affected Products

Discourse