UBUNTU-CVE-2021-41165

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-41165

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-41165.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-41165

Upstream

CVE-2021-41165

Published

2021-11-17T20:15:00Z

Modified

2025-07-14T07:00:50.300555Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L CVSS Calculator
5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.16.04.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg1-3

4.5.6+dfsg-1

4.5.7+dfsg-1

4.5.7+dfsg-2

4.5.7+dfsg-2ubuntu0.16.04.1~esm1

4.5.7+dfsg-2ubuntu0.16.04.1~esm2

Ubuntu:Pro:16.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@5.2-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9-1

5.*

5.1-1

5.2-1

5.2-1ubuntu1

Ubuntu:Pro:16.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.2.12-5?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.2.11-2

4.2.12-3

4.2.12-4

4.2.12-5

Ubuntu:Pro:18.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.5.7+dfsg-2ubuntu0.18.04.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.7+dfsg-2

4.5.7+dfsg-2ubuntu0.18.04.1

4.5.7+dfsg-2ubuntu0.18.04.1+esm1

Ubuntu:Pro:18.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-1

Ubuntu:Pro:18.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@6.2-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7-1

6.*

6.1-1

6.2-1

Ubuntu:Pro:18.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.2-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.1-5

4.4.2-1

4.4.2-2

4.4.2-2ubuntu0.1~esm1

Ubuntu:Pro:20.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.12.1+dfsg-1ubuntu0.1+esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.1+dfsg-1

4.12.1+dfsg-1

4.12.1+dfsg-1ubuntu0.1

4.12.1+dfsg-1ubuntu0.1+esm1

Ubuntu:Pro:20.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-4?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-3

3.6.6.1+dfsg-4

Ubuntu:Pro:20.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@6.7-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.7-1

Ubuntu:Pro:20.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.3-2+deb10u3build0.20.04.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.3-2

4.4.3-2+deb10u3build0.20.04.1

Ubuntu:22.04:LTS / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/ubuntu/ckeditor@4.16.2+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.0+dfsg-2

4.16.2+dfsg-1

Ubuntu:22.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ubuntu:22.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@7.7-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.5-1

7.7-1

Ubuntu:22.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.4+dfsg-2ubuntu1.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1

4.4.4+dfsg-2ubuntu1.22.04.1

Ubuntu:24.04:LTS / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ubuntu:24.04:LTS / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@8.5-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.3-1

8.5-1

Ubuntu:24.04:LTS / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.4+dfsg-2ubuntu1

4.4.4+dfsg-2ubuntu2

4.4.7+dfsg-1

Ubuntu:25.04 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/ubuntu/ckeditor3@3.6.6.1+dfsg-7?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ubuntu:25.04 / ldap-account-manager

Package

Name: ldap-account-manager
Purl: pkg:deb/ubuntu/ldap-account-manager@9.0-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.5-1

9.*

9.0-1

Ubuntu:25.04 / request-tracker4

Package

Name: request-tracker4
Purl: pkg:deb/ubuntu/request-tracker4@4.4.7+dfsg-4syncable1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.4.7+dfsg-1

4.4.7+dfsg-4syncable1