CVE-2021-32808

Опубликовано: 12 авг. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 3.5

CVSS3: 7.6

Описание

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	4.16.2+dfsg-1
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	4.16.2+dfsg-1
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	DNE
focal	not-affected	code not present
hirsute	ignored	end of life
impish	released	4.16.0+dfsg-2ubuntu0.1

Показывать по

Ссылки на источники

3.5 Low

CVSS2

7.6 High

CVSS3

Связанные уязвимости

CVE-2021-32808

CVSS3: 7.6

nvd

больше 4 лет назад

CVE-2021-32808

CVSS3: 7.6

debian

больше 4 лет назад

ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...

GHSA-6226-h7ff-ch6c

CVSS3: 7.6

github

больше 4 лет назад

Widget feature vulnerability allowing to execute JavaScript code using undo functionality

BDU:2022-01665

CVSS3: 5.4

fstec

больше 4 лет назад

Уязвимость плагина Widget и функционала Undo WYSIWYG-редактора CKEditor, позволяющая нарушителю оказать воздействие на целостность данных

3.5 Low

CVSS2

7.6 High

CVSS3

CVE-2021-32808

Описание

Пакет ckeditor

Ссылки на источники

Связанные уязвимости