Your platform will be unavailable on the 13th of November 2024 from 9am to 12pm (Paris time) for maintenance operations

    •  
      request #36808 Allowlist ckeditor4 CVE-2024-24815, CVE-2023-4771 and CVE-2024-24816
    Infos
    #36808
    Thomas Gerbet (tgerbet)
    2024-02-08 16:29
    2024-02-08 09:52
    38407
    Details
    Allowlist ckeditor4 CVE-2024-24815, CVE-2023-4771 and CVE-2024-24816

    CVE-2024-24815

    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm

    Fullpage editing is not enabled and CDATA elements have not been enabled in the Advanced Content Filtering configuration.

    CVE-2023-4771 and CVE-2024-24816

    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxh
    https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76

    We do not ship the samples, only the ckeditor4 code after a build phase.

    Dependencies
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2024-02-08
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2024-02-08 10:14

    See gerrit #30396.

    We need to make a plan to upgrade to ckeditor5 (or move to something else).


    • Status changed from Under implementation to Under review