@ckeditor/ckeditor5-watchdog

@ckeditor/ckeditor5-watchdog - npm Package Versions


43.1.1 (September 25, 2024)

We are happy to announce the release of CKEditor 5 v43.1.1.

During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 clipboard package (CVE-2024-45613). This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

  1. The Block Toolbar plugin is enabled.
  2. One of the following plugins is also enabled:

You can read more details in the relevant security advisory and contact us if you have more questions.

We also took this opportunity to introduce additional hardening to some parts of our codebase that contained theoretical and unexploitable issues. Our security team confirmed that none of these issues were exploitable in a real scenario; however, we decided to fix them in order to increase the overall security posture of our software.

Released packages

Check out the Versioning policy guide for more information.

  • ckeditor published 0.0.0-nightly-20240925.0
  • ckeditor published 0.0.0-nightly-20240924.0
  • ckeditor published 0.0.0-nightly-20240923.0
  • ckeditor published 0.0.0-nightly-20240922.0
  • ckeditor published 0.0.0-nightly-20240921.0
  • ckeditor published 0.0.0-nightly-20240920.0
  • ckeditor published 0.0.0-nightly-20240919.0
  • ckeditor published 0.0.0-nightly-20240918.0
  • ckeditor published 0.0.0-nightly-20240917.0
