Candidate: CVE-2021-26272
PublicDate: 2021-01-26 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
 https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
Description:
 It was possible to execute a ReDoS-type attack inside CKEditor 4 before
 4.16 by persuading a victim to paste crafted URL-like text into the editor,
 and then press Enter or Space (in the Autolink plugin).
Ubuntu-Description:
Notes:
 litios> No specific patch was found
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_ckeditor:
upstream_ckeditor: released (4.16)
precise/esm_ckeditor: DNE
trusty_ckeditor: ignored (out of standard support)
trusty/esm_ckeditor: DNE
xenial_ckeditor: ignored (end of standard support, was needed)
bionic_ckeditor: needs-triage
focal_ckeditor: needs-triage
groovy_ckeditor: ignored (reached end-of-life)
hirsute_ckeditor: ignored (reached end-of-life)
impish_ckeditor: released (4.16.0+dfsg-2)
jammy_ckeditor: not-affected (4.16.2+dfsg-1)
devel_ckeditor: not-affected (4.16.2+dfsg-1)