CVE-2024-24816

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-24816

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24816.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-24816

Aliases

GHSA-mw2c-vx6j-mg76

Related

Published

2024-02-07T17:15:11Z

Modified

2025-01-08T15:53:18.774427Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.

References

Affected packages

Debian:11 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.0+dfsg-2

4.16.2+dfsg-1

4.19.0+dfsg-1

4.19.1+dfsg-1

4.22.1+dfsg-1

4.22.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.19.1+dfsg-1

4.22.1+dfsg-1

4.22.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.19.1+dfsg-1

4.22.1+dfsg-1

4.22.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/ckeditor/ckeditor-releases

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor-releases
Events: Introduced

870a561110a23435d78eda377400dca7f64d3bd3

Fixed

84dd70230eb0f2a3c479a0e63aaa5fa108b3293d

Type: GIT
Repo: https://github.com/ckeditor/ckeditor4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb

Fixed

8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb

Affected versions

4.*

4.0

4.0.0

4.0.1

4.0.1.1

4.0.1/standard

4.0.2

4.0.3

4.0/standard

4.1

4.1.0

4.1.1

4.1.1/standard

4.1.2

4.1.2/standard

4.1.3

4.1.3/standard

4.1/standard

4.10.0

4.10.1

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.12.0

4.12.1

4.13.0

4.13.1

4.14.0

4.14.1

4.15.0

4.15.1

4.16.0

4.16.1

4.16.2

4.17.0

4.17.1

4.17.2

4.18.0

4.19.0

4.19.1

4.1rc

4.1rc/standard

4.2

4.2.0

4.2.1

4.2.1/standard

4.2.2

4.2.2/standard

4.2.3

4.2.3/standard

4.2/standard

4.20.0

4.20.1

4.20.2

4.21.0

4.22.0

4.22.1

4.23.0-lts

4.3.0

4.3.0/standard

4.3.1

4.3.1/standard

4.3.2

4.3.2/standard

4.3.3

4.3.4

4.3.5

4.3beta

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.5.0

4.5.0-beta

4.5.1

4.5.10

4.5.11

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.0

4.6.1

4.6.2

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.9.0

4.9.1

4.9.2

standard/4.*

standard/4.10.0

standard/4.10.1

standard/4.11.0

standard/4.11.1

standard/4.11.2

standard/4.11.3

standard/4.11.4

standard/4.12.0

standard/4.12.1

standard/4.13.0

standard/4.13.1

standard/4.14.0

standard/4.14.1

standard/4.15.0

standard/4.15.1

standard/4.16.0

standard/4.16.1

standard/4.16.2

standard/4.17.0

standard/4.17.1

standard/4.17.2

standard/4.18.0

standard/4.19.0

standard/4.19.1

standard/4.20.0

standard/4.20.1

standard/4.20.2

standard/4.21.0

standard/4.22.0

standard/4.22.1

standard/4.23.0-lts

standard/4.3.3

standard/4.3.4

standard/4.3.5

standard/4.4.0

standard/4.4.1

standard/4.4.2

standard/4.4.3

standard/4.4.4

standard/4.4.5

standard/4.4.6

standard/4.4.7

standard/4.4.8

standard/4.5.0

standard/4.5.1

standard/4.5.10

standard/4.5.11

standard/4.5.2

standard/4.5.3

standard/4.5.4

standard/4.5.5

standard/4.5.6

standard/4.5.7

standard/4.5.8

standard/4.5.9

standard/4.6.0

standard/4.6.1

standard/4.6.2

standard/4.7.0

standard/4.7.1

standard/4.7.2

standard/4.7.3

standard/4.8.0

standard/4.9.0

standard/4.9.1

standard/4.9.2