CVE-2023-47119: 
NixOS vulnerability analysis and mitigation

CVE-2023-47119 affects Discourse, an open source platform for community discussion. The vulnerability was discovered in the platform's Onebox engine, where certain links could inject arbitrary HTML tags when rendered. The issue affects versions prior to 3.1.3 of the 'stable' branch and versions before 3.2.0.beta3 of the 'beta' and 'tests-passed' branches (Vendor Advisory).

The vulnerability is classified as a Cross-site Scripting (CWE-79) issue by NIST and an Injection (CWE-74) issue by GitHub. It received a CVSS v3.1 base score of 6.1 (Medium) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while GitHub assessed it at 5.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

The vulnerability allows attackers to inject arbitrary HTML tags through links when rendered through the Onebox engine, potentially leading to cross-site scripting attacks. The impact primarily affects the integrity and confidentiality of the system, with low severity ratings for both aspects (Vendor Advisory).

The vulnerability has been patched in version 3.1.3 of the 'stable' branch and version 3.2.0.beta3 of the 'beta' and 'tests-passed' branches. There are no known workarounds, making it critical for users to upgrade to the patched versions (Vendor Advisory).