CVE-2021-26272 in Ckeditor and Oracle Products
Published on January 26, 2021

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

NVD

Products Associated with CVE-2021-26272

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-26272 are published in these products:

Ckeditor

Oracle Agile Plm

Oracle Application Express

Oracle Banking Party Management

Oracle Commerce Merchandising

Oracle Financial Services Analytical Applications Infrastructure

Oracle Financial Services Model Management Governance

Oracle Jd Edwards Enterpriseone Tools

Oracle Siebel Ui Framework

Oracle Webcenter Sites

Exploit Probability

EPSS

0.20%

Percentile

42.33%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-26272 in Ckeditor and Oracle ProductsPublished on January 26, 2021

Products Associated with CVE-2021-26272

Exploit Probability

CVE-2021-26272 in Ckeditor and Oracle Products
Published on January 26, 2021