6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26272

GHSA ID

GHSA-wpvm-wqr4-p7cw

EPSS Score

0.42874%

CWE

CWE-829

Published

10/13/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-26272

CVE-2021-26272:
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-26272

GHSA ID

GHSA-wpvm-wqr4-p7cw

EPSS Score

0.42874%

CWE

CWE-829

Published

10/13/2021

Updated

2/1/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ckeditor4	npm	< 4.16.0	4.16.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

It w*s possi*l* to *x**ut* * R**oS-typ* *tt**k insi** *K**itor * ***or* *.** *y p*rsu**in* * vi*tim to p*st* *r**t** URL-lik* t*xt into t** **itor, *n* t**n pr*ss *nt*r or Sp*** (in t** *utolink plu*in).

Reasoning

No *n*lysis *v*il**l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2021-26272: Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2021-26272:
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4

Vulnerability Intelligence
Miggo AI