Описание
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ckeditor | fixed | 4.19.0+dfsg-1 | package | |
| ckeditor | no-dsa | bullseye | package | |
| ckeditor | no-dsa | buster | package | |
| ckeditor3 | not-affected | package |
Примечания
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
https://github.com/ckeditor/ckeditor4/commit/8cff1e5aee3d766068792a374ba6b54a5cb92e2d (4.18.0)
EPSS
Связанные уязвимости
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Уязвимость плагина dialog WYSIWYG-редактора CKEditor, позволяющая нарушителю вызвать отказ в обслуживании
EPSS