CVE-2022-24729
Published 2022-03-16
CVSS 3.1: 7.5 (High)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Affected
26 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | ckeditor | >= 0 < 4.19.0+dfsg-1 | 4.19.0+dfsg-1 |
| ckeditor | ckeditor | >= 4.0 < 4.18.0 | 4.18.0 |
| ckeditor | ckeditor4 | < 4.18.0 | 4.18.0 |
| ckeditor | ckeditor4 | >= 0 < 4.18.0 | 4.18.0 |
| debian | ckeditor | < ckeditor 4.19.0+dfsg-1 (bookworm) | ckeditor 4.19.0+dfsg-1 (bookworm) |
| debian | ckeditor3 | < ckeditor 4.19.0+dfsg-1 (bookworm) | ckeditor 4.19.0+dfsg-1 (bookworm) |
| drupal | core | >= 8.0.0 < 9.2.15 | 9.2.15 |
| drupal | core | >= 9.3.0 < 9.3.8 | 9.3.8 |
| drupal | drupal | >= 8.0.0 < 9.2.15 | 9.2.15 |
| drupal | drupal | >= 9.3.0 < 9.3.8 | 9.3.8 |
| drupal | drupal_core | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| oracle | application_express | < 22.1.1 | 22.1.1 |
| oracle | commerce_merchandising | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7.0.0 – 8.1.0.0.0 | — |
| oracle | financial_services_behavior_detection_platform | — | — |
| oracle | financial_services_behavior_detection_platform | — | — |
| oracle | financial_services_behavior_detection_platform | 8.1.1.0 – 8.1.2.1 | — |
| oracle | financial_services_trade-based_anti_money_laundering | — | — |
| oracle | financial_services_trade-based_anti_money_laundering | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |