CVE-2021-21254
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-21254
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21254.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-21254
- Aliases
- Related
- Published
- 2021-01-29T22:15:14Z
- Modified
- 2025-07-01T11:53:37.000570Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.
- References
Affected packages
Git / github.com/ckeditor/ckeditor5
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ckeditor/ckeditor5
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
10.*
10.1.0
v0.*
v0.1.0
v0.10.0
v0.11.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.9.0
v1.*
v1.0.0-alpha.1
v1.0.0-alpha.2
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-beta.4
v10.*
v10.0.0
v10.0.1
v10.1.0
v11.*
v11.0.0
v11.0.1
v11.1.0
v11.1.1
v11.2.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v15.*
v15.0.0
v16.*
v16.0.0
v17.*
v17.0.0
v18.*
v18.0.0
v19.*
v19.0.0
v19.1.0
v19.1.1
v20.*
v20.0.0
v21.*
v21.0.0
v22.*
v22.0.0
v23.*
v23.0.0
v23.1.0
v24.*
v24.0.0