漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Regular expression Denial of Service in dialog plugin
Vulnerability Description
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
CKEditor 资源管理错误漏洞
Vulnerability Description
CKEditor是一套开源的、基于网页的文字编辑器。 CKEditor 4 4.18.0之前版本 存在安全漏洞,该漏洞源于CKEditor4 4.18.0之前版本在 “dialog” 插件中包含一个漏洞。该漏洞允许攻击者滥用对话框输入验证器正则表达式导致性能显著下降,从而导致浏览器选项卡冻结。
CVSS Information
N/A
Vulnerability Type
N/A