debian · CVE-2022-24729

Quick triage

Priority: unimportant Published: Updated: Wed, 08 Jul 2026 15:01:25 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2022-24729 unimportant priority: Debian including 2 source packages (ckeditor, ckeditor3), 4 status rows across 2 suites (bookworm, bullseye): resolved 3, open 1.

Description:

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

cvelogic Threat Intelligence