CVE-2022-24729
Regular expression Denial of Service in dialog pluginCKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
We have discovered 9,411 live websites that are affected by CVE-2022-24729.
Affected Software
| Product |  CKEditor |
| Category | Rich Text Editors |
| Vulnerable Domains | 9,411 live websites (79.94% of CKEditor install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 85 versions ( 85.86% of all versions) |
Common Weakness Enumeration
CWE-400 Uncontrolled Resource ConsumptionDetails
- Published - Mar 16, 2022
- Updated - Aug 3, 2024
CWE
CVE References
CWE References
CVE-2022-24729 usage by Country
 United States | 4,668 websites |
 France | 798 websites |
 Germany | 474 websites |
 Iran | 375 websites |
 Russia | 287 websites |
 Korea, South | 271 websites |
 Japan | 202 websites |
 GB | 163 websites |
 Poland | 142 websites |
 Singapore | 131 websites |
CVE-2022-24729 usage by TLD
| .com | 3,558 websites |
| .org | 1,029 websites |
| .net | 416 websites |
| .fr | 311 websites |
| .ru | 217 websites |
| .de | 165 websites |
| .com.br | 149 websites |
| .pl | 120 websites |
| .nl | 92 websites |
| .eu | 92 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-24729
Top websites that are affected by CVE-2022-24729. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.***.au |  Australia | *,*** | |
| *****.net |  Ukraine | **,*** | |
| ****.***********.***.au | Australia | **,*** | |
| ***.org | United States | **,*** | |
| ****.***.au | Australia | **,*** | |
| ********.org | United States | **,*** | |
| *******.***.ua | United States | **,*** | |
| ***.ca | United States | **,*** | |
| ***.***.au | Australia | **,*** | |
| ****************.com | United States | **,*** |
FAQ
CVE-2022-24729 is Uncontrolled Resource Consumption in CKEditor
A total of 9,411 websites have been identified as vulnerable to CVE-2022-24729, discovered through global website indexing conducted by WebTechSurvey.
CKEditor is susceptible to CVE-2022-24729 vulnerability.
CKEditor versions before 4.18 are vulnerable to CVE-2022-24729.
Version 4.18 of CKEditor addresses the CVE-2022-24729 security vulnerability.
References
- https://ckeditor.com/cke4/release/CKEditor-4.18.0
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.drupal.org/sa-core-2022-005
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/