Описание
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ckeditor | fixed | 4.16.0+dfsg-1 | package | |
| ckeditor | no-dsa | buster | package | |
| ckeditor | postponed | stretch | package | |
| ckeditor3 | not-affected | package |
Примечания
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
Связанные уязвимости
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Уязвимость плагина Advanced Tab for Dialogs WYSIWYG-редактора CKEditor, позволяющая нарушителю подделать содержимое адресной строки