Source: ckeditor
Version: 4.12.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for ckeditor.

CVE-2021-26271[0]:
| It was possible to execute a ReDoS-type attack inside CKEditor 4
| before 4.16 by persuading a victim to paste crafted text into the
| Styles input of specific dialogs (in the Advanced Tab for Dialogs
| plugin).

CVE-2021-26272[1]:
| It was possible to execute a ReDoS-type attack inside CKEditor 4
| before 4.16 by persuading a victim to paste crafted URL-like text into
| the editor, and then press Enter or Space (in the Autolink plugin).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-26271
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
[1] https://security-tracker.debian.org/tracker/CVE-2021-26272
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore