Description
CKEditor4 is an open-source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a regular expression used by a dialog input validator, which can cause a significant performance drop and freeze the browser tab. A patch is available in version 4.18.0. There are currently no known workarounds.
Remediation
References