{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36269?format=json","vulnerability_id":"VCID-r4vp-zkkv-jfex","summary":"CKEditor 5 Markdown plugin Regular expression Denial of Service\n### Impact\nA regular expression denial of service (ReDoS) vulnerability has been discovered in the CKEditor 5 Markdown plugin code. The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0. \n\n### Patches\nThe problem has been recognized and patched. The fix will be available in version 25.0.0.\n\n### Workarounds\nThe user can work around the issue by:\n- Upgrading CKEditor 5 to version 25.0.0.\n- Disabling the Markdown plugin.\n\n### More information\nIf you have any questions or comments about this advisory:\n* Email us at [security@cksource.com](mailto:security@cksource.com)\n\n### Acknowledgements\nThe CKEditor 5 team would like to thank Erik Krogh Kristensen from the GitHub team for recognizing this vulnerability and \nAlvaro Muñoz from GitHub for reporting it.","aliases":[{"alias":"CVE-2021-21254"},{"alias":"GHSA-hgmg-hhc8-g5wr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/229580?format=json","purl":"pkg:npm/ckeditor5@25.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@25.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/74344?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@25.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@25.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/229550?format=json","purl":"pkg:npm/ckeditor5@0.0.1-security","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@0.0.1-security"},{"url":"http://public2.vulnerablecode.io/api/packages/229551?format=json","purl":"pkg:npm/ckeditor5@10.0.0-rc.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@10.0.0-rc.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229552?format=json","purl":"pkg:npm/ckeditor5@10.0.0-rc.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@10.0.0-rc.2"},{"url":"http://public2.vulnerablecode.io/api/packages/229553?format=json","purl":"pkg:npm/ckeditor5@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@10.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229554?format=json","purl":"pkg:npm/ckeditor5@10.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@10.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229555?format=json","purl":"pkg:npm/ckeditor5@10.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@10.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229556?format=json","purl":"pkg:npm/ckeditor5@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@11.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229557?format=json","purl":"pkg:npm/ckeditor5@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@11.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229558?format=json","purl":"pkg:npm/ckeditor5@11.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@11.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229559?format=json","purl":"pkg:npm/ckeditor5@11.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@11.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229560?format=json","purl":"pkg:npm/ckeditor5@11.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@11.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229561?format=json","purl":"pkg:npm/ckeditor5@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229562?format=json","purl":"pkg:npm/ckeditor5@12.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229563?format=json","purl":"pkg:npm/ckeditor5@12.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229564?format=json","purl":"pkg:npm/ckeditor5@12.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229565?format=json","purl":"pkg:npm/ckeditor5@12.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229566?format=json","purl":"pkg:npm/ckeditor5@12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@12.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229567?format=json","purl":"pkg:npm/ckeditor5@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@15.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229568?format=json","purl":"pkg:npm/ckeditor5@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@16.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229569?format=json","purl":"pkg:npm/ckeditor5@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@17.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229570?format=json","purl":"pkg:npm/ckeditor5@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@18.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229571?format=json","purl":"pkg:npm/ckeditor5@19.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@19.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229572?format=json","purl":"pkg:npm/ckeditor5@19.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@19.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229573?format=json","purl":"pkg:npm/ckeditor5@19.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@19.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/229574?format=json","purl":"pkg:npm/ckeditor5@20.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@20.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229575?format=json","purl":"pkg:npm/ckeditor5@21.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@21.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229576?format=json","purl":"pkg:npm/ckeditor5@22.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@22.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229577?format=json","purl":"pkg:npm/ckeditor5@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229578?format=json","purl":"pkg:npm/ckeditor5@23.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@23.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/229579?format=json","purl":"pkg:npm/ckeditor5@24.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6q1k-xwcb-53hm"},{"vulnerability":"VCID-r4vp-zkkv-jfex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@24.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228536?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228537?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228538?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228539?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/228540?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/228541?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@0.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@0.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/228542?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@1.0.0-alpha.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@1.0.0-alpha.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228543?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@1.0.0-alpha.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@1.0.0-alpha.2"},{"url":"http://public2.vulnerablecode.io/api/packages/228544?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228545?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.2"},{"url":"http://public2.vulnerablecode.io/api/packages/228546?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@1.0.0-beta.4"},{"url":"http://public2.vulnerablecode.io/api/packages/228547?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@10.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228548?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@10.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@10.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228549?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@10.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@10.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/228550?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@10.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@10.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/228551?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@10.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@10.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/228552?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228553?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228554?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/228555?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/228556?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/228557?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@11.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@11.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/228558?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@15.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@15.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228559?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@16.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@16.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228560?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@17.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@17.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228561?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@18.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228562?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@19.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@19.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228563?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@19.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@19.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/228564?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@20.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@20.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228565?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@21.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@21.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228566?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@22.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@22.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228567?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@23.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228568?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@23.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@23.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/228569?format=json","purl":"pkg:npm/%40ckeditor/ckeditor5-markdown-gfm@24.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r4vp-zkkv-jfex"},{"vulnerability":"VCID-wpgs-aj5v-zbbw"},{"vulnerability":"VCID-y831-gekf-cqh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-markdown-gfm@24.0.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21254","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61158","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61053","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61074","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.6108","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61063","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.6105","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61062","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61054","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61113","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61075","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61101","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.60911","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.60988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.60982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.6103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61067","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21254"},{"reference_url":"https://github.com/ckeditor/ckeditor5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor5"},{"reference_url":"https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor5/releases/tag/v25.0.0"},{"reference_url":"https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-hgmg-hhc8-g5wr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21254","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21254"},{"reference_url":"https://www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm"},{"reference_url":"https://github.com/advisories/GHSA-hgmg-hhc8-g5wr","reference_id":"GHSA-hgmg-hhc8-g5wr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgmg-hhc8-g5wr"}],"weaknesses":[{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4vp-zkkv-jfex"}