CVE-2021-26272

Published: 26 January 2021

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

Notes

Author: litios
Note: No specific patch was found

Priority

Medium

CVSS 3 base score: 6.5

Status

Package: ckeditor (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Needs triage
focal: Needs triage
groovy: Ignored (reached end-of-life)
hirsute: Ignored (reached end-of-life)
impish: Released (4.16.0+dfsg-2)
jammy: Not vulnerable (4.16.2+dfsg-1)
precise: Does not exist
trusty: Does not exist
upstream: Released (4.16)
xenial: Ignored (end of standard support, was needed)