CVE-2021-32809
PUBLISHED
CKEditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed abuse of the paste functionality using malformed HTML, which could result in arbitrary HTML being injected into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Risk Scores
EPSS Score
0.24%
46.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | ckeditor | 4.11.1+dfsg-1, 0, 4.12.1+dfsg-1 |
| Ubuntu:18.04:LTS | ckeditor | 4.5.7+dfsg-2, 0 |
| Ubuntu:Pro:16.04:LTS | ckeditor | 4.5.7+dfsg-2, 4.5.7+dfsg-1, 4.5.6+dfsg-1 |
Exploit Intelligence
- CIRCL seen: CVE-2021-32809 (circl-sighting)
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg (circl)
- FEDORA-2021-51457da891 (circl)
- FEDORA-2021-72176a63a8 (circl)
- FEDORA-2021-87578dca12 (circl)
- https://www.oracle.com/security-alerts/cpuoct2021.html (circl)
- https://www.oracle.com/security-alerts/cpujan2022.html (circl)
Timeline
- CVE Published: Aug 12, 2021
- PoC Published: Aug 13, 2021
- EPSS Score: Oct 5, 2021
- EPSS Score: Oct 11, 2021
- EPSS Score: Jan 6, 2022
- EPSS Score: Feb 4, 2022
- EPSS Score: Feb 5, 2022
- EPSS Score: Feb 8, 2022
- EPSS Score: Apr 1, 2022
- EPSS Score: Jun 2, 2022
- EPSS Score: Aug 1, 2022
- EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32809 third-party-advisory
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg third-party-advisory
- https://ubuntu.com/security/notices/USN-5340-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32809 third-party-advisory
- https://ubuntu.com/security/notices/USN-5340-2 vendor-advisory