Path to dependency file: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/image2.html
Path to vulnerable library: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckedito
r/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/toolb
arconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js
Dependency Hierarchy:
❌ ckeditor-4.14.1.js (Vulnerable Library)
Vulnerability Details
It was possible to execute a ReDoS (regular expression denial of service) attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVE-2021-26271 - Medium Severity Vulnerability
The development version of CKEditor - JavaScript WYSIWYG web text editor.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/ckeditor/4.14.1/ckeditor.js
Path to dependency file: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/image2.html
Path to vulnerable library: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckedito
r/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/toolb
arconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js
Dependency Hierarchy:
It was possible to execute a ReDoS (regular expression denial of service) attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Publish Date: 2021-01-26
URL: CVE-2021-26271
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-01-26
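Fix Resolution: ckeditor4 - 4.16.0. Once the `..` segments are resolved, every path listed under "Path to vulnerable library" points to one of two vendored copies of ckeditor.js: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/ckeditor.js and /static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/ckeditor.js. Both copies need the upgrade for the finding to clear.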