CVE-2021-21254

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-21254
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21254.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-21254
Aliases
Related
Published
2021-01-29T22:15:14.797Z
Modified
2026-03-14T14:41:52.821147Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.

References

Affected packages

Git / github.com/ckeditor/ckeditor5

Affected ranges

Type
GIT
Repo
https://github.com/ckeditor/ckeditor5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0139bbe2732c2e1fd0225d857639521436c790b4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.0.0"
        }
    ]
}

Affected versions

10.*
10.1.0
v0.*
v0.1.0
v0.10.0
v0.11.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.9.0
v1.*
v1.0.0-alpha.1
v1.0.0-alpha.2
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-beta.4
v10.*
v10.0.0
v10.0.1
v10.1.0
v11.*
v11.0.0
v11.0.1
v11.1.0
v11.1.1
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v15.*
v15.0.0
v16.*
v16.0.0
v17.*
v17.0.0
v18.*
v18.0.0
v19.*
v19.0.0
v19.1.0
v19.1.1
v20.*
v20.0.0
v21.*
v21.0.0
v22.*
v22.0.0
v23.*
v23.0.0
v23.1.0
v24.*
v24.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21254.json"