Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#32373] - Security vulnerability in TinyMCE CVE-2020-12648

?
avatar ldemirova
ldemirova
10 Feb 2021

Steps to reproduce the issue

Perform security scanning on unarchived Joomla@3.9.24.

Expected result

No packages with security vulnerabilities are found when running security scans.

Actual result

Running security scans we receive a medium vulnerability CVE-2020-12648 which is related to TinyMCE.

Additional comments

Our security scan suggest that the version is upgraded to 4.9.11 or 5.4.1.

avatar ldemirova ldemirova - open - 10 Feb 2021
avatar joomla-cms-bot joomla-cms-bot - change - 10 Feb 2021
Labels Added: ?
avatar joomla-cms-bot joomla-cms-bot - labeled - 10 Feb 2021
avatar SniperSister SniperSister - change - 10 Feb 2021
Status New Closed
Closed_Date 0000-00-00 00:00:00 2021-02-10 11:18:13
Closed_By SniperSister
avatar SniperSister SniperSister - close - 10 Feb 2021
avatar SniperSister
SniperSister - comment - 10 Feb 2021

The mentioned vulnerability was backported to Tiny 4.5.12 which is used in Joomla:
tinymce/tinymce@cf4b00e

So, there is no vulnerability.

Add a Comment

Login with GitHub to post a comment