CVE-2021-26271

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-26271
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26271.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-26271
Aliases
Downstream
Published
2021-01-26T21:15:12.860Z
Modified
2026-03-18T11:45:47.189377Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

References

Affected packages

Git / github.com/ckeditor/ckeditor4

Affected ranges

Type
GIT
Repo
https://github.com/ckeditor/ckeditor4
Events
Introduced
769d96134bcf29f5d3d870e25797ce9b9dc8289e
Fixed
17a1555f7fbb0e83f737c9efe27650dca8dff36f
Database specific 
{
    "versions": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.16"
        }
    ]
}

Affected versions

4.*
4.0
4.0.0
4.0.1
4.0.1.1
4.0.2
4.0.3
4.1
4.1.0
4.1.1
4.1.2
4.1.3
4.10.0
4.10.1
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.12.0
4.12.1
4.13.0
4.13.1
4.14.0
4.14.1
4.15.0
4.15.1
4.1rc
4.2
4.2.0
4.2.1
4.2.2
4.2.3
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3beta
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.0-beta
4.5.1
4.5.10
4.5.11
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.9.0
4.9.1
4.9.2

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.3.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.3.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "8.0.6"
            },
            {
                "last_affected": "8.0.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "9.2.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "21.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-26271.json"