Versio.io

CVE-2021-26272

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 26-01-2021 10:15
Last modified: - 01-03-2022 06:18
Total changes: - 10

Description

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
None
Integrity
None
Privileges required
Unchanged
Scope
Required
User interaction
6.5
Base score
2.8
3.6
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=ckeditor AND product=ckeditor AND versionStartIncluding=4.0 AND versionEndExcluding=4.16
OR
vendor=oracle AND product=agile_plm AND version=9.3.5
vendor=oracle AND product=agile_plm AND version=9.3.6
vendor=oracle AND product=application_express AND versionEndExcluding=21.1.0
vendor=oracle AND product=banking_party_management AND version=2.7.0
vendor=oracle AND product=commerce_merchandising AND version=11.1.0
vendor=oracle AND product=commerce_merchandising AND version=11.2.0
vendor=oracle AND product=commerce_merchandising AND versionEndIncluding=11.3.2 AND versionStartIncluding=11.3.0
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND versionEndIncluding=8.0.9 AND versionStartIncluding=8.0.6
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND version=8.1.0
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND version=8.1.1
vendor=oracle AND product=financial_services_model_management_and_governance AND versionEndIncluding=8.1.0.0.0 AND versionStartIncluding=8.0.8.0.0
vendor=oracle AND product=jd_edwards_enterpriseone_tools AND versionEndExcluding=9.2.6.0
vendor=oracle AND product=siebel_ui_framework AND versionEndIncluding=21.9
vendor=oracle AND product=webcenter_sites AND version=12.2.1.3.0
vendor=oracle AND product=webcenter_sites AND version=12.2.1.4.0
 

Reference

 


Keywords

NVD

 

CVE-2021-26272

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.