Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
| Software | From | Fixed in |
|---|---|---|
| ckeditor / ckeditor | 4.0 | 4.16 |
| oracle / webcenter_sites | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / agile_plm | 9.3.5 | 9.3.5.x |
| oracle / agile_plm | 9.3.6 | 9.3.6.x |
| oracle / webcenter_sites | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / commerce_merchandising | 11.1.0 | 11.1.0.x |
| oracle / commerce_merchandising | 11.2.0 | 11.2.0.x |
| oracle / jd_edwards_enterpriseone_tools | - | 9.2.6.0 |
| oracle / financial_services_model_management_and_governance | 8.0.8.0.0 | 8.1.0.0.0.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.1 | 8.1.1.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.1.0 | 8.1.0.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.0.6 | 8.0.9.x |
| oracle / application_express | - | 21.1.0 |
| oracle / banking_party_management | 2.7.0 | 2.7.0.x |
| oracle / siebel_ui_framework | - | 21.9.x |
| oracle / commerce_merchandising | 11.3.0 | 11.3.2.x |
ckeditor4
|
- | 4.16.0 |
- https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
- https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html