ZSA-2021-02

Date: 2021-01-29
Affected: all versions of OTRS Community Edition; Znuny LTS 6.0.31
Severity: medium
CVE: CVE-Pending

There are two ReDoS vulnerabilities, which can cause a regular expression denial of service (ReDoS) using specially crafted strings.

The issue is fixed in the current stable release Znuny LTS 6.0.32, which includes CKEDitor 4.16.0. An update of Znuny LTS to the latest version is recommended.

Please see the release notes of CKEDitor for more detailed information.
An update is strongly recommended by the vendor of CKEditor.

Link: CKEditor - Release 4.16.0