CVE-2021-41165

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41165

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41165.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41165

Aliases

Related

UBUNTU-CVE-2021-41165

Published

2021-11-17T20:15:10Z

Modified

2024-09-18T03:17:34.256164Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

References

Affected packages

Debian:11 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.16.0+dfsg-2

4.16.2+dfsg-1

4.19.0+dfsg-1

4.19.1+dfsg-1

4.22.1+dfsg-1

4.22.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ckeditor

Package

Name: ckeditor
Purl: pkg:deb/debian/ckeditor?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.0+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ckeditor3

Package

Name: ckeditor3
Purl: pkg:deb/debian/ckeditor3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.6.1+dfsg-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/ckeditor/ckeditor-releases

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor-releases
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5a0d3c84b4bc9eb7d1ecd8dfa9b660eb691553c2

Type: GIT
Repo: https://github.com/ckeditor/ckeditor4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cab78d432999c8bcd8213a2e0786026a5f9a44dc

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

a412ca41cfc0d954fe3cb2dd982dc6ca049b1c70

Fixed

e187f925ed6aa9d9d4b3121904c077aa54ba108a

Affected versions

4.*

4.0

4.0.0

4.0.1

4.0.1.1

4.0.1/standard

4.0.2

4.0.3

4.0/standard

4.1

4.1.0

4.1.1

4.1.1/standard

4.1.2

4.1.2/standard

4.1.3

4.1.3/standard

4.1/standard

4.10.0

4.10.1

4.11.0

4.11.1

4.11.2

4.11.3

4.11.4

4.12.0

4.12.1

4.13.0

4.13.1

4.14.0

4.14.1

4.15.0

4.15.1

4.16.0

4.16.1

4.16.2

4.1rc

4.1rc/standard

4.2

4.2.0

4.2.1

4.2.1/standard

4.2.2

4.2.2/standard

4.2.3

4.2.3/standard

4.2/standard

4.3.0

4.3.0/standard

4.3.1

4.3.1/standard

4.3.2

4.3.2/standard

4.3.3

4.3.4

4.3.5

4.3beta

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.5.0

4.5.0-beta

4.5.1

4.5.10

4.5.11

4.5.2

4.5.3

4.5.4

4.5.5

4.5.6

4.5.7

4.5.8

4.5.9

4.6.0

4.6.1

4.6.2

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.9.0

4.9.1

4.9.2

8.*

8.9.0

8.9.1

8.9.10

8.9.11

8.9.12

8.9.13

8.9.14

8.9.15

8.9.16

8.9.17

8.9.18

8.9.19

8.9.2

8.9.3

8.9.4

8.9.5

8.9.6

8.9.8

8.9.9

standard/4.*

standard/4.10.0

standard/4.10.1

standard/4.11.0

standard/4.11.1

standard/4.11.2

standard/4.11.3

standard/4.11.4

standard/4.12.0

standard/4.12.1

standard/4.13.0

standard/4.13.1

standard/4.14.0

standard/4.14.1

standard/4.15.0

standard/4.15.1

standard/4.16.0

standard/4.16.1

standard/4.16.2

standard/4.3.3

standard/4.3.4

standard/4.3.5

standard/4.4.0

standard/4.4.1

standard/4.4.2

standard/4.4.3

standard/4.4.4

standard/4.4.5

standard/4.4.6

standard/4.4.7

standard/4.4.8

standard/4.5.0

standard/4.5.1

standard/4.5.10

standard/4.5.11

standard/4.5.2

standard/4.5.3

standard/4.5.4

standard/4.5.5

standard/4.5.6

standard/4.5.7

standard/4.5.8

standard/4.5.9

standard/4.6.0

standard/4.6.1

standard/4.6.2

standard/4.7.0

standard/4.7.1

standard/4.7.2

standard/4.7.3

standard/4.8.0

standard/4.9.0

standard/4.9.1

standard/4.9.2