It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-03T20:19:20.393Z

Reserved: 2021-01-26T00:00:00

Link: CVE-2021-26272

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-26T21:15:12.923

Modified: 2024-11-21T05:56:00.900

Link: CVE-2021-26272

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.