6.5
CVSSv3

CVE-2021-21254

Published: 29/01/2021 Updated: 01/02/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed to abuse link recognition regular expression, which could cause a significant performance drop resulting in browser tab freeze. It affects all users using CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ckeditor ckeditor 5

Github Repositories

Awesome ReDoS Security This is a list of useful info for real world ReDoS (AKA RegEx DoS, AKA Regular Expression Denial of Service) vulnerabilities ReDoS is primarily caused by catastrophic backtracking (AKA evil RegEx) ReDoS vulnerabilities are interesting because they are fairly easy to verify, but at the time this repo was created, there is no "go to" tool for i