Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-32808

Опубликовано: 12 авг. 2021
Источник: debian
EPSS Низкий

Описание

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ckeditorfixed4.16.2+dfsg-1package
ckeditorno-dsabullseyepackage
ckeditornot-affectedbusterpackage
ckeditornot-affectedstretchpackage

Примечания

  • https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c

  • https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2)

  • Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0)

EPSS

Процентиль: 80%
0.01368
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-32808

CVSS3: 7.6
ubuntu
больше 4 лет назад

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

nvd логотип

CVE-2021-32808

CVSS3: 7.6
nvd
больше 4 лет назад

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

github логотип

GHSA-6226-h7ff-ch6c

CVSS3: 7.6
github
больше 4 лет назад

Widget feature vulnerability allowing to execute JavaScript code using undo functionality

fstec логотип

BDU:2022-01665

CVSS3: 5.4
fstec
больше 4 лет назад

Уязвимость плагина Widget и функционала Undo WYSIWYG-редактора CKEditor, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 80%
0.01368
Низкий