{"id":"CVE-2021-26271","details":"It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).","aliases":["GHSA-jv4c-7jqq-m34x"],"modified":"2026-04-10T04:31:17.935295Z","published":"2021-01-26T21:15:12.860Z","references":[{"type":"ADVISORY","url":"https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first"},{"type":"ADVISORY","url":"https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ckeditor/ckeditor4","events":[{"introduced":"769d96134bcf29f5d3d870e25797ce9b9dc8289e"},{"fixed":"17a1555f7fbb0e83f737c9efe27650dca8dff36f"}],"database_specific":{"versions":[{"introduced":"4.0"},{"fixed":"4.16"}]}}],"versions":["4.0","4.0.0","4.0.1","4.1","4.1.0","4.10.0","4.12.0","4.13.0","4.14.0","4.15.0","4.1rc","4.2","4.2.0","4.2.1","4.2.2","4.2.3","4.4.0","4.4.1","4.5.0","4.5.0-beta","4.6.0","4.7.0","4.8.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.3.5"}]},{"events":[{"introduced":"0"},{"last_affected":"9.3.6"}]},{"events":[{"introduced":"0"},{"fixed":"21.1.0"}]},{"events":[{"introduced":"8.0.6"},{"last_affected":"8.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1.1"}]},{"events":[{"introduced":"0"},{"fixed":"9.2.6.0"}]},{"events":[{"introduced":"0"},{"fixed":"21.9"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.1.4.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26271.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}