Description
It was possible to execute a ReDoS (regular expression denial of service) attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Remediation
References