CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-04-23T18:53:35.902Z

Reserved: 2022-02-10T00:00:00.000Z

Link: CVE-2022-24729

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-16T17:15:07.943

Modified: 2024-11-21T06:50:57.993

Link: CVE-2022-24729

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.