Running the Greenbone security analyzer, it shows that Xibo is vulnerable to ReDoS vulnerabilities. It says to update the version of CKEditor, but I'm not sure how to go about that in Docker. I am running on CentOS 6 with Xibo 2.3.8 installed.
Summary
CKEditor is prone to multiple regular expression denial of service (ReDoS) vulnerabilities.
Detection Result
Installed version: 4.3
Fixed version: 4.16
Installation path / port: /dist/vendor/ckeditor
Insight
The following vulnerabilities exist:
- ReDoS in the Advanced Tab for Dialogs plugin (CVE-2021-26271)
- ReDoS in the Autolink plugin (CVE-2021-26272)
Detection Method
Checks if a vulnerable version is present on the target host.
| Details: | CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities OID: 1.3.6.1.4.1.25623.1.0.145269 |
|---|---|
| Version used: | 2021-01-28T04:50:27Z |
Affected Software/OS
CKEditor versions 4.0 - 4.15.1.
Impact
Solution
Solution Type: Vendorfix
Update to version 4.16 or later