CKEditor: HTML processing module CVE-2022-24729

Issue date: 29-06-2022
Affects versions: 15.0, 14.7, 13.4

Security Issue ID

SECURITY-316

Affected Product Version(s)

13.4.17, 15.0.1, 14.7.7 and all previous versions

Severity

medium/high

Description

CVE-2022-24729

CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

Instructions

Update to the latest version.

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

CKEditor: HTML processing module CVE-2022-24729