CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Configurations

Configuration 1 (hide)

cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
References () https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first - Vendor Advisory () https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first - Vendor Advisory
References () https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 - Release Notes, Third Party Advisory () https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416 - Release Notes, Third Party Advisory
References () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

Information

Published : 2021-01-26 21:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26271

Mitre link : CVE-2021-26271

CVE.ORG link : CVE-2021-26271


JSON object : View

Products Affected

oracle

  • financial_services_analytical_applications_infrastructure
  • webcenter_sites
  • application_express
  • siebel_ui_framework
  • agile_plm
  • jd_edwards_enterpriseone_tools

ckeditor

  • ckeditor
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere