CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

References

Affected packages

Git

github.com/ckeditor/ckeditor-releases

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor-releases
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b2758d4603322b1fc12b4e6208240f1e785e1cfa

Affected versions

4.*

4.0.1/standard

4.0/standard

4.1.1/standard

4.1.2/standard

4.1.3/standard

4.1/standard

4.10.0

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.12.0

4.12.1

4.13.0

4.13.1

4.14.0

4.14.1

4.15.0

4.15.1

4.16.0

4.16.1

4.1rc/standard

4.2.1/standard

4.2.2/standard

4.2.3/standard

4.2/standard

4.3.0/standard

4.3.1/standard

4.3.2/standard

4.3.3

4.3.4

4.3.5

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.5.0

4.5.1

4.5.10

4.5.11

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.0

4.6.1

4.6.2

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.9.0

4.9.1

4.9.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37695.json"

github.com/ckeditor/ckeditor4

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e64f672190a14d3c38aebd94ae4fb10c79e4545

Fixed

de3c001540715f9c3801aaa38a1917de46cfcf58

Affected versions

4.*

4.0

4.0.0

4.0.1

4.0.1.1

4.0.2

4.0.3

4.1

4.1.0

4.1.1

4.1.2

4.1.3

4.10.0

4.10.1

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.12.0

4.12.1

4.13.0

4.13.1

4.14.0

4.14.1

4.15.0

4.15.1

4.16.0

4.16.1

4.1rc

4.2

4.2.0

4.2.1

4.2.2

4.2.3

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3beta

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.5.0

4.5.0-beta

4.5.1

4.5.10

4.5.11

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.0

4.6.1

4.6.2

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.9.0

4.9.1

4.9.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37695.json"

github.com/ckeditor/ckeditor4-releases

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor4-releases
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0919c6a34271f9776c495e78deff75ffefe52b62

Affected versions

4.*

4.0.1/standard

4.0/standard

4.1.1/standard

4.1.2/standard

4.1.3/standard

4.1/standard

4.1rc/standard

4.2.1/standard

4.2.2/standard

4.2.3/standard

4.2/standard

4.3.0/standard

4.3.1/standard

4.3.2/standard

standard/4.*

standard/4.10.0

standard/4.10.1

standard/4.11.0

standard/4.11.1

standard/4.11.2

standard/4.11.3

standard/4.11.4

standard/4.12.0

standard/4.12.1

standard/4.13.0

standard/4.13.1

standard/4.14.0

standard/4.14.1

standard/4.15.0

standard/4.15.1

standard/4.16.0

standard/4.16.1

standard/4.3.3

standard/4.3.4

standard/4.3.5

standard/4.4.0

standard/4.4.1

standard/4.4.2

standard/4.4.3

standard/4.4.4

standard/4.4.5

standard/4.4.6

standard/4.4.7

standard/4.4.8

standard/4.5.0

standard/4.5.1

standard/4.5.10

standard/4.5.11

standard/4.5.2

standard/4.5.3

standard/4.5.4

standard/4.5.5

standard/4.5.6

standard/4.5.7

standard/4.5.8

standard/4.5.9

standard/4.6.0

standard/4.6.1

standard/4.6.2

standard/4.7.0

standard/4.7.1

standard/4.7.2

standard/4.7.3

standard/4.8.0

standard/4.9.0

standard/4.9.1

standard/4.9.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37695.json"