It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
References
Link | Resource |
---|---|
https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first | Vendor Advisory |
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 | Release Notes Third Party Advisory |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-26T20:39:46
Updated: 2021-10-20T10:41:40
Reserved: 2021-01-26T00:00:00
Link: CVE-2021-26271
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-26T21:15:12.860
Modified: 2021-12-01T16:16:59.177
Link: CVE-2021-26271
JSON object: View
Redhat Information
No data.
CWE