CVE-2022-24729

2022-03-1617:15:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

69.3%

JSON

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

OSVersionArchitecturePackageVersionFilename
Debian12allckeditor< 4.19.0+dfsg-1ckeditor_4.19.0+dfsg-1_all.deb
Debian11allckeditor<= 4.16.0+dfsg-2ckeditor_4.16.0+dfsg-2_all.deb
Debian10allckeditor<= 4.11.1+dfsg-1ckeditor_4.11.1+dfsg-1_all.deb
Debian999allckeditor< 4.19.0+dfsg-1ckeditor_4.19.0+dfsg-1_all.deb
Debian13allckeditor< 4.19.0+dfsg-1ckeditor_4.19.0+dfsg-1_all.deb
Debian12allckeditor3<= 3.6.6.1+dfsg-7ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian11allckeditor3<= 3.6.6.1+dfsg-7ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian10allckeditor3<= 3.6.6.1+dfsg-3ckeditor3_3.6.6.1+dfsg-3_all.deb
Debian999allckeditor3<= 3.6.6.1+dfsg-7ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian13allckeditor3<= 3.6.6.1+dfsg-7ckeditor3_3.6.6.1+dfsg-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ckeditor	< 4.19.0+dfsg-1	ckeditor_4.19.0+dfsg-1_all.deb
Debian	11	all	ckeditor	<= 4.16.0+dfsg-2	ckeditor_4.16.0+dfsg-2_all.deb
Debian	10	all	ckeditor	<= 4.11.1+dfsg-1	ckeditor_4.11.1+dfsg-1_all.deb
Debian	999	all	ckeditor	< 4.19.0+dfsg-1	ckeditor_4.19.0+dfsg-1_all.deb
Debian	13	all	ckeditor	< 4.19.0+dfsg-1	ckeditor_4.19.0+dfsg-1_all.deb
Debian	12	all	ckeditor3	<= 3.6.6.1+dfsg-7	ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian	11	all	ckeditor3	<= 3.6.6.1+dfsg-7	ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian	10	all	ckeditor3	<= 3.6.6.1+dfsg-3	ckeditor3_3.6.6.1+dfsg-3_all.deb
Debian	999	all	ckeditor3	<= 3.6.6.1+dfsg-7	ckeditor3_3.6.6.1+dfsg-7_all.deb
Debian	13	all	ckeditor3	<= 3.6.6.1+dfsg-7	ckeditor3_3.6.6.1+dfsg-7_all.deb