
Test ID: 1.3.6.1.4.1.25623.1.0.856895
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (openSUSE-SU-2025:0008-1)
Summary: The remote host is missing an update for the 'python-django-ckeditor' package(s) announced via the openSUSE-SU-2025:0008-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'python-django-ckeditor' package(s) announced via the openSUSE-SU-2025:0008-1 advisory.

Vulnerability Insight:
This update for python-django-ckeditor fixes the following issues:

- Update to 6.7.2
* Deprecated the package.
* Added a new ckeditor/fixups.js script which disables the version check again
(if something slips through by accident) and which disables the behavior
where CKEditor 4 would automatically attach itself to unrelated HTML elements
with a contenteditable attribute (see CKEDITOR.disableAutoInline in the
CKEditor 4 docs).
- CVE-2024-24815: Fixed bypass of Advanced Content Filtering mechanism (boo#1219720)

- update to 6.7.1:
* Add Python 3.12, Django 5.0
* Silence the CKEditor version check/nag but include a system check warning

- update to 6.7.0:
* Dark mode fixes.
* Added support for Pillow 10.

- update to 6.6.1:
* Required a newer version of django-js-asset which actually works
with Django 4.1.
* CKEditor 4.21.0
* Fixed the CKEditor styles when used with the dark Django admin theme.

- update to 6.5.1:
* Avoided calling ``static()`` if ``CKEDITOR_BASEPATH`` is defined.
* Fixed ``./manage.py generateckeditorthumbnails`` to work again after the
image uploader backend rework.
* CKEditor 4.19.1
* Stopped calling ``static()`` during application startup.
* Added Django 4.1
* Changed the context for the widget to deviate less from Django. Removed a
few template variables which are not used in the bundled
``ckeditor/widget.html`` template. This only affects you if you are using a
customized widget or widget template.
* Dropped support for Python < 3.8, Django < 3.2.
* Added a pre-commit configuration.
* Added a GitHub action for running tests.
* Made selenium tests require opt in using a ``SELENIUM=firefox`` or
``SELENIUM=chromium`` environment variable.
* Made it possible to override the CKEditor template in the widget class.
* Changed ``CKEDITOR_IMAGE_BACKEND`` to require dotted module paths (the old
identifiers are still supported for now).

Affected Software/OS:
'python-django-ckeditor' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-24815
https://www.drupal.org/sa-contrib-2024-009
https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
Copyright: Copyright (C) 2025 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.