CVE-2022-24729
Regular expression Denial of Service in dialog plugin
- Severity Score: (not recorded)
- Exploit Likelihood: (not recorded)
- Affected Versions: see table below
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-02-10 CVE Reserved
- 2022-03-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-20 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (6)
URL | Tag | Date
---|---|---
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh | Third Party Advisory | -
https://www.drupal.org/sa-core-2022-005 | - | 2023-11-07
https://www.oracle.com/security-alerts/cpujul2022.html | - | 2023-11-07
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Ckeditor | Ckeditor | >= 4.0 < 4.18.0 | - | Affected
Drupal | Drupal | >= 8.0.0 < 9.2.15 | - | Affected
Drupal | Drupal | >= 9.3.0 < 9.3.8 | - | Affected
Oracle | Application Express | < 22.1.1 | - | Affected
Oracle | Commerce Merchandising | 11.3.2 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | >= 8.0.7.0.0 <= 8.1.0.0.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.1.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.2.0 | - | Affected
Oracle | Financial Services Analytical Applications Infrastructure | 8.1.2.1 | - | Affected
Oracle | Financial Services Behavior Detection Platform | >= 8.1.1.0 <= 8.1.2.1 | - | Affected
Oracle | Financial Services Behavior Detection Platform | 8.0.7.0 | - | Affected
Oracle | Financial Services Behavior Detection Platform | 8.0.8.0 | - | Affected
Oracle | Financial Services Trade-based Anti Money Laundering | 8.0.7 | enterprise | Affected
Oracle | Financial Services Trade-based Anti Money Laundering | 8.0.8 | enterprise | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected
Oracle | Peoplesoft Enterprise Peopletools | 8.59 | - | Affected
Fedoraproject | Fedora | 36 | - | Affected
Fedoraproject | Fedora | 37 | - | Affected