CVE-2021-26271

Published: 26 January 2021

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

Notes

Author: litios
Note: No specific patch was found

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: ckeditor (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needs triage
focal      Needs triage
groovy     Ignored (reached end-of-life)
hirsute    Ignored (reached end-of-life)
impish     Released (4.16.0+dfsg-2)
jammy      Not vulnerable (4.16.2+dfsg-1)
precise    Does not exist
trusty     Does not exist
upstream   Released (4.16)
xenial     Ignored (end of standard support, was needed)