Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1050246?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1050246?format=api", "purl": "pkg:deb/debian/ckeditor@4.11.1%2Bdfsg-1", "type": "deb", "namespace": "debian", "name": "ckeditor", "version": "4.11.1+dfsg-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56687?format=api", "vulnerability_id": "VCID-c8r2-wpf3-47f9", "summary": "CKEditor 4 ReDoS Vulnerability\nIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69867", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69982", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69972", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69929", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69959", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69935", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69871", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69894", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.69879", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26271" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271" }, { "reference_url": "https://github.com/ckeditor/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4" }, { "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26271", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26271" }, { "reference_url": "https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587", "reference_id": "982587", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587" }, { "reference_url": "https://github.com/advisories/GHSA-jv4c-7jqq-m34x", "reference_id": "GHSA-jv4c-7jqq-m34x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jv4c-7jqq-m34x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583500?format=api", "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17pr-6guy-53ge" }, { "vulnerability": "VCID-4x92-vapt-n7dz" }, { "vulnerability": "VCID-8hvk-a5es-v3e4" }, { "vulnerability": "VCID-k7qp-c6vp-sqbg" }, { "vulnerability": "VCID-sd2a-hmu2-wbax" }, { "vulnerability": "VCID-un66-k85j-b7d2" }, { "vulnerability": "VCID-vj35-jtgq-8qbv" }, { "vulnerability": "VCID-xhp7-kqdk-tfeu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2" } ], "aliases": [ "CVE-2021-26271", "GHSA-jv4c-7jqq-m34x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8r2-wpf3-47f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34364?format=api", "vulnerability_id": "VCID-h5zz-wz8f-2uf6", "summary": "Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4\nIt was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6598", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66068", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66054", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66018", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66049", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65943", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.6603", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26272" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272" }, { "reference_url": "https://github.com/ckeditor/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4" }, { "reference_url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26272", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26272" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587", "reference_id": "982587", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587" }, { "reference_url": "https://github.com/advisories/GHSA-wpvm-wqr4-p7cw", "reference_id": "GHSA-wpvm-wqr4-p7cw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpvm-wqr4-p7cw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583500?format=api", "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17pr-6guy-53ge" }, { "vulnerability": "VCID-4x92-vapt-n7dz" }, { "vulnerability": "VCID-8hvk-a5es-v3e4" }, { "vulnerability": "VCID-k7qp-c6vp-sqbg" }, { "vulnerability": "VCID-sd2a-hmu2-wbax" }, { "vulnerability": "VCID-un66-k85j-b7d2" }, { "vulnerability": "VCID-vj35-jtgq-8qbv" }, { "vulnerability": "VCID-xhp7-kqdk-tfeu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2" } ], "aliases": [ "CVE-2021-26272", "GHSA-wpvm-wqr4-p7cw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5zz-wz8f-2uf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46066?format=api", "vulnerability_id": "VCID-s8u8-xbdk-87dj", "summary": "ckeditor4 vulnerable to cross-site scripting\nA cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.9779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97814", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97812", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97803", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97788", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49674", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33829" }, { "reference_url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829" }, { "reference_url": "https://github.com/ckeditor/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ckeditor/ckeditor4" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33829" }, { "reference_url": "https://www.drupal.org/sa-core-2021-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.drupal.org/sa-core-2021-003" }, { "reference_url": "https://www.npmjs.com/package/ckeditor4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/ckeditor4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217", "reference_id": "1015217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217" }, { "reference_url": "https://security.archlinux.org/ASA-202106-35", "reference_id": "ASA-202106-35", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-35" }, { "reference_url": "https://security.archlinux.org/AVG-2069", "reference_id": "AVG-2069", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2069" }, { "reference_url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388", "reference_id": "GHSA-rgx6-rjj4-c388", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgx6-rjj4-c388" }, { "reference_url": "https://usn.ubuntu.com/5340-1/", "reference_id": "USN-5340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5340-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5340-2/", "reference_id": "USN-USN-5340-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5340-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583500?format=api", "purl": "pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17pr-6guy-53ge" }, { "vulnerability": "VCID-4x92-vapt-n7dz" }, { "vulnerability": "VCID-8hvk-a5es-v3e4" }, { "vulnerability": "VCID-k7qp-c6vp-sqbg" }, { "vulnerability": "VCID-sd2a-hmu2-wbax" }, { "vulnerability": "VCID-un66-k85j-b7d2" }, { "vulnerability": "VCID-vj35-jtgq-8qbv" }, { "vulnerability": "VCID-xhp7-kqdk-tfeu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2" } ], "aliases": [ "CVE-2021-33829", "GHSA-rgx6-rjj4-c388" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8u8-xbdk-87dj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10049?format=api", "vulnerability_id": "VCID-qb4j-9tz7-m7a2", "summary": "Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83808", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83806", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83773", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83706", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.8372", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83734", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83761", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02024", "scoring_system": "epss", "scoring_elements": "0.83767", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17960" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released" }, { "reference_url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" }, { "reference_url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2018-005" }, { "reference_url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217", "reference_id": "1015217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960", "reference_id": "CVE-2018-17960", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17960" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml", "reference_id": "CVE-2018-17960.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3", "reference_id": "GHSA-g68x-vvqq-pvw3", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g68x-vvqq-pvw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050246?format=api", "purl": "pkg:deb/debian/ckeditor@4.11.1%2Bdfsg-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-c8r2-wpf3-47f9" }, { "vulnerability": "VCID-h5zz-wz8f-2uf6" }, { "vulnerability": "VCID-s8u8-xbdk-87dj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.11.1%252Bdfsg-1" } ], "aliases": [ "CVE-2018-17960", "GHSA-g68x-vvqq-pvw3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4j-9tz7-m7a2" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.11.1%252Bdfsg-1" }