UbuntuUpdates.org

Package "ckeditor"

Name: ckeditor

Description:

text editor which can be embedded into web pages

Latest version: 4.12.1+dfsg-1ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: http://ckeditor.com

Links


Download "ckeditor"


Other versions of "ckeditor" in Focal

Repository Area Version
base universe 4.12.1+dfsg-1
security universe 4.12.1+dfsg-1ubuntu0.1

Changelog

Version: 4.12.1+dfsg-1ubuntu0.1 2022-03-22 16:06:42 UTC

  ckeditor (4.12.1+dfsg-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: code injection in HTML data processor
    - debian/patches/CVE-2021-33829.patch: treat --!> as a valid comment
      end tag in core/htmlparser.js
    - CVE-2021-33289
    - CVE-2020-9281
  * SECURITY UPDATE: HTML injection in clipboard plugin
    - debian/patches/CVE-2021-32809.patch: clean unwanted characters and
      tags from clipboard data in plugins/clipboard/plugin.js
    - CVE-2021-32809
  * SECURITY UPDATE: code injection through fake objects.
    - debian/patches/CVE-2021-37695.patch: perform filtering over the
      content used to restore real element in fakeobjects/plugin.js.
    - CVE-2021-37695

 -- David Fernandez Gonzalez <email address hidden> Fri, 18 Mar 2022 11:27:31 +0100

CVE-2021-33829 A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to in
CVE-2021-33289 In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for cod
CVE-2020-9281 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web sc
CVE-2021-32809 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](htt
CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](



About   -   Send Feedback to @ubuntu_updates