CVE-2021-26271 (Medium) detected in ckeditor-4.14.1.js #128
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-26271 - Medium Severity Vulnerability
The development version of CKEditor - JavaScript WYSIWYG web text editor.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/ckeditor/4.14.1/ckeditor.js
Path to dependency file: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/image2.html
Path to vulnerable library: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js
Dependency Hierarchy:
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Publish Date: 2021-01-26
URL: CVE-2021-26271
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2021-01-26
Fix Resolution: ckeditor4 - 4.16.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: