Veracode Vulnerability DatabaseVERACODE:29928Regular Expression Denial Of Service (ReDoS)
0.005 Low
EPSS
Percentile
76.0%
ckeditor5 is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability and crash the system by submitting a malicious html code via the parse.js function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @ckeditor/ckeditor5-paste-from-office | le | 27.0.0 | |
| @ckeditor/ckeditor5-engine | le | 27.0.0 |
References
github.com/ckeditor/ckeditor5/blob/master/CHANGELOG.md#release-highlights-1
github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
www.npmjs.com/package/@ckeditor/ckeditor5-engine
www.npmjs.com/package/@ckeditor/ckeditor5-font
www.npmjs.com/package/@ckeditor/ckeditor5-image
www.npmjs.com/package/@ckeditor/ckeditor5-list
www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm
www.npmjs.com/package/@ckeditor/ckeditor5-media-embed
www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office
www.npmjs.com/package/@ckeditor/ckeditor5-widget
Related
