ckeditor5 is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability and crash the system by submitting a malicious html code via the parse.js
function.
github.com/ckeditor/ckeditor5/blob/master/CHANGELOG.md#release-highlights-1
github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
www.npmjs.com/package/@ckeditor/ckeditor5-engine
www.npmjs.com/package/@ckeditor/ckeditor5-font
www.npmjs.com/package/@ckeditor/ckeditor5-image
www.npmjs.com/package/@ckeditor/ckeditor5-list
www.npmjs.com/package/@ckeditor/ckeditor5-markdown-gfm
www.npmjs.com/package/@ckeditor/ckeditor5-media-embed
www.npmjs.com/package/@ckeditor/ckeditor5-paste-from-office
www.npmjs.com/package/@ckeditor/ckeditor5-widget