CVE-2021-32809 (Medium) detected in ckeditor-4.14.1.js #137
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-32809 - Medium Severity Vulnerability
The development version of CKEditor - JavaScript WYSIWYG web text editor.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/ckeditor/4.14.1/ckeditor.js
Path to dependency file: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/image2.html
Path to vulnerable library: /static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/image2/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/emoji/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/enterkey/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/bbcode/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/wysiwygarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/tableresize/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/uicolor/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/devtools/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/placeholder/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/divarea/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/dialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/htmlwriter/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/toolbar/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/stylesheetparser/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/autogrow/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/easyimage/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/old/codesnippet/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/youtube/bower_components/ckeditor/samples/toolbarconfigurator/../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sharedspace/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/sourcedialog/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/magicline/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mentions/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/mathjax/../../../ckeditor.js,/static/ckeditor/ckeditor/plugins/btgrid/bower_components/ckeditor/samples/old/docprops/../../../ckeditor.js
Dependency Hierarchy:
Found in base branch: master
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Publish Date: 2021-08-12
URL: CVE-2021-32809
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-7889-rm5j-hpgg
Release Date: 2021-08-12
Fix Resolution: ckeditor4 - 4.16.2
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: