Running the Greenbone security analyzer shows that Xibo is vulnerable to ReDoS vulnerabilities. It says to update the version of CKEditor, but I'm not sure how to go about that in Docker. I am running on CentOS 6 with Xibo 2.3.8 installed.
CKEditor is prone to multiple regular expression denial of service (ReDoS) vulnerabilities.
Installed version: 4.3
Fixed version: 4.16
Installation path / port: /dist/vendor/ckeditor
The following vulnerabilities exist:
- ReDoS in the Advanced Tab for Dialogs plugin (CVE-2021-26271)
- ReDoS in the Autolink plugin (CVE-2021-26272)
Checks if a vulnerable version is present on the target host.
Details: CKEditor 4.0 < 4.16 Multiple ReDoS Vulnerabilities OID: 188.8.131.52.4.1.256184.108.40.206269
CKEditor versions 4.0 - 4.15.1.
Update to version 4.16 or later