It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ckeditor4-dev(npm) | 0 | 4.16 | N/A |
CVSS Metrics
