Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-21254
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-29 Jan, 2021 | 21:55
Updated At-03 Aug, 2024 | 18:09
Rejected At-
▼CVE Numbering Authority (CNA)
Regular expression Denial of Service in Markdown plugin

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.

Affected Products
Vendor
ckeditor
Product
ckeditor5
Versions
Affected
  • < 25.0.0
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr
x_refsource_CONFIRM
https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0
x_refsource_MISC
https://www.npmjs.com/package/%40ckeditor/ckeditor5-markdown-gfm
x_refsource_MISC
Hyperlink: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0
Resource:
x_refsource_MISC
Hyperlink: https://www.npmjs.com/package/%40ckeditor/ckeditor5-markdown-gfm
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr
x_refsource_CONFIRM
x_transferred
https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0
x_refsource_MISC
x_transferred
https://www.npmjs.com/package/%40ckeditor/ckeditor5-markdown-gfm
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.npmjs.com/package/%40ckeditor/ckeditor5-markdown-gfm
Resource:
x_refsource_MISC
x_transferred
Details not found