VulnerableCode Vulnerability Details - VCID-xgxf-ad4q-5kaq

Search for vulnerabilities

Vulnerability details: VCID-xgxf-ad4q-5kaq

Essentials
Severities (1)
References (6)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xgxf-ad4q-5kaq
Aliases	CVE-2022-24729 GHSA-f6rf-9m92-x2hh
Summary	CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-1333	Inefficient Regular Expression Complexity
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00445	https://api.first.org/data/v1/epss?cve=CVE-2022-24729

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-24729
		https://ckeditor.com/cke4/release/CKEditor-4.18.0
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
		https://www.drupal.org/sa-core-2022-005
CVE-2022-24729		https://nvd.nist.gov/vuln/detail/CVE-2022-24729
GHSA-f6rf-9m92-x2hh		https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.62463
EPSS Score	0.00445
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T13:39:26.228138+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	36.1.3