3332 matches found
CentOS 8 : python38:3.8 (CESA-2020:4641)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4641 advisory. - PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477) - python: infinite loop in the tarfile module via...
PT-2021-7377 · Python +10 · Urllib +10
Name of the Vulnerable Software and Affected Versions: urllib affected versions not specified Description: A flaw in the AbstractBasicAuthHandler class of urllib allows an attacker controlling a malicious HTTP server to trigger a Regular Expression Denial of Service (ReDoS) during an authentication...
CVE-2021-21254
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin @ckeditor/ckeditor5-markdown-gfm before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, whi...
Design/Logic Flaw
CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin @ckeditor/ckeditor5-markdown-gfm before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, whi...
CVE-2021-21254
CVE-2021-21254 affects CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) versions ≤ 24.0.0. A ReDoS vulnerability arises from the plugin’s link-recognition regex, enabling significant performance degradation and browser tab freezes. The issue is fixed in version 25.0.0, with advisorie...
GHSA-HGMG-HHC8-G5WR CKEditor 5 Markdown plugin Regular expression Denial of Service
Impact: A regular expression denial of service (ReDoS) vulnerability has been discovered in the CKEditor 5 Markdown plugin code. The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects al...
PT-2021-14364 · Ckeditor · Ckeditor 5 Markdown Plugin
Name of the Vulnerable Software and Affected Versions: CKEditor 5 Markdown plugin versions prior to 25.0.0 Description: The CKEditor 5 Markdown plugin has a regex denial of service (ReDoS) vulnerability. This vulnerability allows the abuse of link recognition regular expressions, which could cause ...
Regular Expression Denial Of Service (ReDoS)
simple-markdown is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists because the library that parses markdown content lacks the sanitization in the parsing of the regex for //, allowing an attacker to send a malicious string via the del component in defaultRules...
CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities - Windows
CKEditor is prone to multiple regular expression denial of service (ReDoS) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later Th...
CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities - Linux
CKEditor is prone to multiple regular expression denial of service (ReDoS) vulnerabilities.
Regular Expression Denial Of Service (ReDoS)
ckeditor4 is vulnerable to regular expression denial of service. An insecure usage of the regular expression allows an attacker to crash the user's browser through excessive memory consumption by tricking a user into pasting a malicious text into the Styles input in the Advanced Tab for Dialogs...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
Design/Logic Flaw
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
UBUNTU-CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26272
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
CVE-2021-26271
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...
Design/Logic Flaw
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...