CVE-2024-43411
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-43411
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43411.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-43411
- Aliases
- Related
- Published
- 2024-08-21T16:15:08Z
- Modified
- 2024-10-08T04:22:06.981009Z
- Summary
- [none]
- Details
-
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts.
- References
Affected packages
Debian:13 / ckeditor
Package
- Name
- ckeditor
- Purl
- pkg:deb/debian/ckeditor?arch=source
Git / github.com/ckeditor/ckeditor4
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ckeditor/ckeditor4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0
4.0.0
4.0.1
4.0.1.1
4.0.2
4.0.3
4.1
4.1.0
4.1.1
4.1.2
4.1.3
4.10.0
4.10.1
4.11.0
4.11.1
4.11.2
4.11.3
4.11.4
4.12.0
4.12.1
4.13.0
4.13.1
4.14.0
4.14.1
4.15.0
4.15.1
4.16.0
4.16.1
4.16.2
4.17.0
4.17.1
4.17.2
4.18.0
4.19.0
4.19.1
4.1rc
4.2
4.2.0
4.2.1
4.2.2
4.2.3
4.20.0
4.20.1
4.20.2
4.21.0
4.22.0
4.22.1
4.23.0-lts
4.24.0-lts
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3beta
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.5.0
4.5.0-beta
4.5.1
4.5.10
4.5.11
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.5.8
4.5.9
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.9.0
4.9.1
4.9.2