Description
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)
WordPress Plugin MailPoet Newsletters (Previous) Security Bypass (2.8.1)
PHP Out-of-bounds Write Vulnerability (CVE-2021-21703)
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.14)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)