Affected Packages
The issue impacts only editor instances with enabled version notifications.
Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us.
Impact
A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices.
Patches
The issue has been recognized and patched. The fix is available in version 4.25.0-lts.
For More Information
If you have any questions or comments about this advisory, please email us at [email protected].
References
Affected Packages
The issue impacts only editor instances with enabled version notifications.
Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us.
Impact
A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices.
Patches
The issue has been recognized and patched. The fix is available in version 4.25.0-lts.
For More Information
If you have any questions or comments about this advisory, please email us at [email protected].
References