CVE-2021-21391

Uncontrolled Resource Consumption in npm/@ckeditor/ckeditor5-paste-from-office

Identifiers

CVE-2021-21391, GHSA-3rh3-wfr4-76mj

Package Slug

npm/@ckeditor/ckeditor5-paste-from-office

Vulnerability

Uncontrolled Resource Consumption

Description

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed particular regular expressions to be abused, which could cause a significant performance drop resulting in a browser tab freeze.

Affected Versions

All versions before 27.0.0

Solution

Upgrade to version 27.0.0 or above.

Last Modified

2021-05-12
