CVE-2021-26272.yml
---
gem: ckeditor
cve: 2021-26272
ghsa: wpvm-wqr4-p7cw
url: https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
title: Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
date: 2021-10-13
description: |
  It was possible to execute a ReDoS-type attack inside CKEditor 4 before
  4.16 by persuading a victim to paste crafted URL-like text into the editor, and
  then press Enter or Space (in the Autolink plugin).
cvss_v3: 6.5
patched_versions:
  - ">= 5.1.2"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-26272
    - https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
    - https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
    - https://www.oracle.com//security-alerts/cpujul2021.html
    - https://www.oracle.com/security-alerts/cpuoct2021.html
    - https://www.oracle.com/security-alerts/cpujan2022.html
    - https://github.com/advisories/GHSA-wpvm-wqr4-p7cw