Описание
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Ссылки
- Release NotesVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
6.5 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...
Уязвимость плагина dialog WYSIWYG-редактора CKEditor, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2