It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"fixed": "21.1.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:application_express"
},
{
"cpes": [
"cpe:2.3:a:oracle:commerce_merchandising:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "11.3.0"
},
{
"last_affected": "11.3.2"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:commerce_merchandising"
},
{
"cpes": [
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.0.6"
},
{
"last_affected": "8.0.9"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:financial_services_analytical_applications_infrastructure"
},
{
"cpes": [
"cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.0.8.0.0"
},
{
"last_affected": "8.1.0.0.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:financial_services_model_management_and_governance"
},
{
"cpes": [
"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"fixed": "9.2.6.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:jd_edwards_enterpriseone_tools"
},
{
"cpes": [
"cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "21.9"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:siebel_ui_framework"
},
{
"cpes": [
"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.3.5"
},
{
"last_affected": "9.3.5"
},
{
"introduced": "9.3.6"
},
{
"last_affected": "9.3.6"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:agile_plm"
},
{
"cpes": [
"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.7.0"
},
{
"last_affected": "2.7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:banking_party_management"
},
{
"cpes": [
"cpe:2.3:a:oracle:commerce_merchandising:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:commerce_merchandising:11.2.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "11.1.0"
},
{
"last_affected": "11.1.0"
},
{
"introduced": "11.2.0"
},
{
"last_affected": "11.2.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:commerce_merchandising"
},
{
"cpes": [
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.1.0"
},
{
"last_affected": "8.1.0"
},
{
"introduced": "8.1.1"
},
{
"last_affected": "8.1.1"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:financial_services_analytical_applications_infrastructure"
},
{
"cpes": [
"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "12.2.1.3.0"
},
{
"last_affected": "12.2.1.3.0"
},
{
"introduced": "12.2.1.4.0"
},
{
"last_affected": "12.2.1.4.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:webcenter_sites"
}
]
}