Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/ckeditor/ckeditor@4.13.0
Typecomposer
Namespaceckeditor
Nameckeditor
Version4.13.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.25.0
Latest_non_vulnerable_version4.25.0
Affected_by_vulnerabilities
0
url VCID-6xfu-dm97-nkg4
vulnerability_id VCID-6xfu-dm97-nkg4
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28181
published_at 2026-06-08T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28265
published_at 2026-06-06T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28186
published_at 2026-06-09T12:55:00Z
3
value 0.00106
scoring_system epss
scoring_elements 0.28223
published_at 2026-06-07T12:55:00Z
4
value 0.00106
scoring_system epss
scoring_elements 0.28315
published_at 2026-06-05T12:55:00Z
5
value 0.00128
scoring_system epss
scoring_elements 0.31709
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
10
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
reference_id CVE-2021-41165
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
12
reference_url https://github.com/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h26-63m7-qhf2
13
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
fixed_packages
0
url pkg:composer/ckeditor/ckeditor@4.17.0
purl pkg:composer/ckeditor/ckeditor@4.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dhra-m93g-tucw
1
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ckeditor/ckeditor@4.17.0
aliases CVE-2021-41165, GHSA-7h26-63m7-qhf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xfu-dm97-nkg4
1
url VCID-dhra-m93g-tucw
vulnerability_id VCID-dhra-m93g-tucw
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24815
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37837
published_at 2026-06-05T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37784
published_at 2026-06-09T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.37772
published_at 2026-06-08T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.37809
published_at 2026-06-07T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.3784
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24815
1
reference_url https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
2
reference_url https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
3
reference_url https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24815
5
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
6
reference_url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
7
reference_url https://www.drupal.org/sa-contrib-2024-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://www.drupal.org/sa-contrib-2024-009
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
reference_id 1063536
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
reference_id 1063537
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24815
reference_id CVE-2024-24815
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24815
11
reference_url https://github.com/advisories/GHSA-fq6h-4g8v-qqvm
reference_id GHSA-fq6h-4g8v-qqvm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq6h-4g8v-qqvm
12
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
reference_id GHSA-fq6h-4g8v-qqvm
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
13
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
fixed_packages
0
url pkg:composer/ckeditor/ckeditor@4.24.0
purl pkg:composer/ckeditor/ckeditor@4.24.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ckeditor/ckeditor@4.24.0
aliases CVE-2024-24815, GHSA-fq6h-4g8v-qqvm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhra-m93g-tucw
2
url VCID-zpr3-15yc-gfcn
vulnerability_id VCID-zpr3-15yc-gfcn
summary 
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
### Affected packages
The vulnerability has been discovered in [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. All integrators that use [GeSHi syntax highlighter](https://github.com/GeSHi/geshi-1.0) on the backend side can be affected.

### Impact
A potential vulnerability has been discovered in CKEditor 4 [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the [GeSHi syntax highlighter library](https://github.com/GeSHi/geshi-1.0) hosted by the victim.

The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server.

### Patches

The [GeSHi library](https://github.com/GeSHi/geshi-1.0) is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of the CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software.

To integrators who still want to use the GeSHi syntax highlighter, we recommend manually adding the [GeSHi library](https://github.com/GeSHi/geshi-1.0) . Please be aware of and understand the potential security vulnerabilities associated with its use.

The fix is be available in version 4.25.0-lts.

### Acknowledgements

The CKEditor 4 team would like to thank [Jiasheng He](https://github.com/Hebing123) from Qihoo 360 for recognizing and reporting this vulnerability.

### For more information

Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43407
reference_id
reference_type
scores
0
value 0.01847
scoring_system epss
scoring_elements 0.83366
published_at 2026-06-09T12:55:00Z
1
value 0.01847
scoring_system epss
scoring_elements 0.8336
published_at 2026-06-07T12:55:00Z
2
value 0.01847
scoring_system epss
scoring_elements 0.83364
published_at 2026-06-06T12:55:00Z
3
value 0.01847
scoring_system epss
scoring_elements 0.83361
published_at 2026-06-05T12:55:00Z
4
value 0.01847
scoring_system epss
scoring_elements 0.83352
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43407
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43407
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94
4
reference_url https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa
5
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083192
reference_id 1083192
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083192
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43407
reference_id CVE-2024-43407
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43407
8
reference_url https://github.com/advisories/GHSA-7r32-vfj5-c2jv
reference_id GHSA-7r32-vfj5-c2jv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r32-vfj5-c2jv
fixed_packages
0
url pkg:composer/ckeditor/ckeditor@4.25.0
purl pkg:composer/ckeditor/ckeditor@4.25.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/ckeditor/ckeditor@4.25.0
aliases CVE-2024-43407, GHSA-7r32-vfj5-c2jv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpr3-15yc-gfcn
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/ckeditor/ckeditor@4.13.0