Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
| Software | From | Fixed in |
|---|---|---|
| ckeditor / ckeditor | 4.0 | 4.16 |
| oracle / webcenter_sites | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / agile_plm | 9.3.5 | 9.3.5.x |
| oracle / agile_plm | 9.3.6 | 9.3.6.x |
| oracle / webcenter_sites | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / jd_edwards_enterpriseone_tools | - | 9.2.6.0 |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.1 | 8.1.1.x |
| oracle / siebel_ui_framework | - | 21.9 |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.0 | 8.1.0.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.0.6 | 8.0.9.x |
| oracle / application_express | - | 21.1.0 |
- https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
- https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime