Search for packages
| purl | pkg:npm/ckeditor5@11.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6q1k-xwcb-53hm
Aliases: CVE-2022-48110 GHSA-6p89-3p7c-qrhv |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. |
Affected by 1 other vulnerability. |
|
VCID-r4vp-zkkv-jfex
Aliases: CVE-2021-21254 GHSA-hgmg-hhc8-g5wr |
CKEditor 5 Markdown plugin Regular expression Denial of Service ### Impact A regular expression denial of service (ReDoS) vulnerability has been discovered in the CKEditor 5 Markdown plugin code. The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0. ### Patches The problem has been recognized and patched. The fix will be available in version 25.0.0. ### Workarounds The user can work around the issue by: - Upgrading CKEditor 5 to version 25.0.0. - Disabling the Markdown plugin. ### More information If you have any questions or comments about this advisory: * Email us at [security@cksource.com](mailto:security@cksource.com) ### Acknowledgements The CKEditor 5 team would like to thank Erik Krogh Kristensen from the GitHub team for recognizing this vulnerability and Alvaro Muñoz from GitHub for reporting it. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||