Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ckeditor5\-Markdown\-Gfm
(Ckeditor)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-04-29 | CVE-2021-21391 | CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a... | Ckeditor5\-Engine, Ckeditor5\-Font, Ckeditor5\-Image, Ckeditor5\-List, Ckeditor5\-Markdown\-Gfm, Ckeditor5\-Media\-Embed, Ckeditor5\-Paste\-From\-Office, Ckeditor5\-Widget | 6.5 | ||
| 2022-08-03 | CVE-2022-31175 | CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript code after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of... | Ckeditor5\-Html\-Embed, Ckeditor5\-Html\-Support, Ckeditor5\-Markdown\-Gfm | 4.7 |