GHSA-7h26-63m7-qhf2

Suggest an improvement
Source
https://github.com/advisories/GHSA-7h26-63m7-qhf2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-7h26-63m7-qhf2/GHSA-7h26-63m7-qhf2.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7h26-63m7-qhf2
Aliases
Published
2021-11-17T21:58:25Z
Modified
2024-01-02T05:54:33.287183Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
Summary
HTML comments vulnerability allowing to execute JavaScript code
Details

Affected packages

The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4.

Impact

A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0.

Patches

The problem has been recognized and patched. The fix will be available in version 4.17.0.

For more information

Email us at security@cksource.com if you have any questions or comments about this advisory.

Acknowledgements

The CKEditor 4 team would like to thank William Bowling (wbowling) for recognizing and reporting this vulnerability.

Database specific
{
    "nvd_published_at": "2021-11-17T20:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-17T19:57:11Z"
}
References

Affected packages

npm / ckeditor4

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.17.0

Packagist / ckeditor/ckeditor

Package

Name
ckeditor/ckeditor
Purl
pkg:composer/ckeditor/ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.17.0

Affected versions

4.*

4.3.3
4.3.4
4.3.5
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.5.10
4.5.11
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.12.0
4.12.1
4.13.0
4.13.1
4.14.0
4.14.1
4.15.0
4.15.1
4.16.0
4.16.1
4.16.2