GMS-2021-117: CKEditor 4 vulnerabilities in versions <4.16.1

August 23, 2021 (updated October 8, 2021)

Details see:

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc ( CVE-2021-37695 ) https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c ( CVE-2021-32808 ) https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg ( CVE-2021-32809 )

Patch: https://github.com/pimcore/pimcore/pull/10032

References

github.com/advisories/GHSA-cfcv-q4qq-2ph4
github.com/pimcore/pimcore/commit/0d2ce3b1db4ac40646cee5104115767505760b6a
github.com/pimcore/pimcore/security/advisories/GHSA-cfcv-q4qq-2ph4

Code Behaviors & Features

Detect and mitigate GMS-2021-117 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →