Test ID: | 1.3.6.1.4.1.25623.1.0.856895 |
Category: | openSUSE Local Security Checks |
Title: | openSUSE Security Advisory (openSUSE-SU-2025:0008-1) |
Summary: | The remote host is missing an update for the 'python-django-ckeditor' package(s) announced via the openSUSE-SU-2025:0008-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'python-django-ckeditor' package(s) announced via the openSUSE-SU-2025:0008-1 advisory.

Vulnerability Insight: This update for python-django-ckeditor fixes the following issues:

- Update to 6.7.2
  * Deprecated the package.
  * Added a new ckeditor/fixups.js script which disables the version check again (if something slips through by accident) and which disables the behavior where CKEditor 4 would automatically attach itself to unrelated HTML elements with a contenteditable attribute (see CKEDITOR.disableAutoInline in the CKEditor 4 docs).
- CVE-2024-24815: Fixed bypass of Advanced Content Filtering mechanism (boo#1219720)
- update to 6.7.1:
  * Add Python 3.12, Django 5.0
  * Silence the CKEditor version check/nag but include a system check warning
- update to 6.7.0:
  * Dark mode fixes.
  * Added support for Pillow 10.
- update to 6.6.1:
  * Required a newer version of django-js-asset which actually works with Django 4.1.
  * CKEditor 4.21.0
  * Fixed the CKEditor styles when used with the dark Django admin theme.
- update to 6.5.1:
  * Avoided calling ``static()`` if ``CKEDITOR_BASEPATH`` is defined.
  * Fixed ``./manage.py generateckeditorthumbnails`` to work again after the image uploader backend rework.
  * CKEditor 4.19.1
  * Stopped calling ``static()`` during application startup.
  * Added Django 4.1
  * Changed the context for the widget to deviate less from Django. Removed a few template variables which are not used in the bundled ``ckeditor/widget.html`` template. This only affects you if you are using a customized widget or widget template.
  * Dropped support for Python < 3.8, Django < 3.2.
  * Added a pre-commit configuration.
  * Added a GitHub action for running tests.
  * Made selenium tests require opt in using a ``SELENIUM=firefox`` or ``SELENIUM=chromium`` environment variable.
  * Made it possible to override the CKEditor template in the widget class.
  * Changed ``CKEDITOR_IMAGE_BACKEND`` to require dotted module paths (the old identifiers are still supported for now).

Affected Software/OS: 'python-django-ckeditor' package(s) on openSUSE Leap 15.5.
Solution: Please install the updated package(s).
CVSS Score: 6.4
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-24815
- https://www.drupal.org/sa-contrib-2024-009
- https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
- https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
- https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
- https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm |
Copyright | Copyright (C) 2025 Greenbone AG |