CVE-2021-26271
Published: 2021-01-26
Severity: Medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | ckeditor | >= 0 < 4.16.0+dfsg-1 | 4.16.0+dfsg-1 |
| ckeditor | ckeditor | >= 0 < 4.16.0+dfsg-1 | 4.16.0+dfsg-1 |
| ckeditor | ckeditor | >= 4.0 < 4.16 | 4.16 |
| debian | ckeditor | < ckeditor 4.16.0+dfsg-1 (bookworm) | ckeditor 4.16.0+dfsg-1 (bookworm) |
| debian | ckeditor3 | < ckeditor 4.16.0+dfsg-1 (bookworm) | ckeditor 4.16.0+dfsg-1 (bookworm) |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | application_express | < 21.1.0 | 21.1.0 |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6 – 8.0.9 | — |
| oracle | jd_edwards_enterpriseone_tools | < 9.2.6.0 | 9.2.6.0 |
| oracle | siebel_ui_framework | < 21.9 | 21.9 |
| oracle | webcenter_sites | — | — |
| oracle | webcenter_sites | — | — |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM