Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-26271
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-26 Jan, 2021 | 21:15
Updated At-01 Dec, 2021 | 16:16

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
ckeditor
ckeditor
>>ckeditor>>Versions from 4.0(inclusive) to 4.16(exclusive)
cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>agile_plm>>9.3.5
cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>agile_plm>>9.3.6
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_express>>Versions before 21.1.0(exclusive)
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>financial_services_analytical_applications_infrastructure>>Versions from 8.0.6(inclusive) to 8.0.9(inclusive)
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>financial_services_analytical_applications_infrastructure>>8.1.0
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>financial_services_analytical_applications_infrastructure>>8.1.1
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jd_edwards_enterpriseone_tools>>Versions before 9.2.6.0(exclusive)
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>siebel_ui_framework>>Versions before 21.9(exclusive)
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>webcenter_sites>>12.2.1.3.0
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>webcenter_sites>>12.2.1.4.0
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-829Primarynvd@nist.gov
CWE ID: CWE-829
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-firstcve@mitre.org
Vendor Advisory
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416cve@mitre.org
Release Notes
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlcve@mitre.org
Patch
Third Party Advisory
Hyperlink: https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Change History
0Changes found
Details not found