PT-2021-24429 · Tinymce+2

Published 2021-01-06 · Updated 2021-01-06

Severity: none assigned. No severity ratings or metrics are available yet; this page will be updated when they are published.
Name of the Vulnerable Software and Affected Versions: TinyMCE versions 5.5.1 and lower (the codesample plugin and the PrismJS syntax highlighter it bundles).
Description: A regular expression denial of service (ReDoS) vulnerability was discovered in PrismJS, the syntax highlighter bundled as a dependency of the TinyMCE codesample plugin. A malformed Ruby code sample can make the highlighter's Ruby grammar backtrack for a very long time while the sample is being highlighted, locking up the browser of any user whose editor renders that sample. The impact is a client-side denial of service: the page becomes unresponsive until the tab is closed or the script is stopped.
Recommendations: For TinyMCE versions 5.5.1 and lower, upgrade to TinyMCE 5.6.0 or higher, which ships the fix. If you cannot upgrade immediately, use one of the following workarounds until you can: (1) disable the codesample plugin by removing it from the plugins option; (2) keep the plugin but remove Ruby from the language list via the codesample_languages setting; or (3) set codesample_global_prismjs to true and load PrismJS 1.21.0 or higher on the page, so the plugin uses the patched highlighter instead of its bundled copy. Workaround (3) only helps if the patched Prism is actually present on the page before the editor initialises; otherwise the plugin still has only its bundled copy available.
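The three configurations below, as an added example that is not TinyMCE's or PrismJS's own code, show the exposed default beside the two configuration-level workarounds, followed by a small audit helper that decides whether a given TinyMCE 5 init config is still exposed. The setting keys `codesample_languages` and `codesample_global_prismjs` are real TinyMCE 5 options; `auditCodesampleConfig` and `compareVersions` are helpers written for this example, and the assumption that the plugin falls back to its bundled Prism when no usable global `Prism` is present is treated conservatively (exposed) rather than verified.

```javascript
// Added example, not TinyMCE's or PrismJS's code. Assumed: TinyMCE 5.x,
// codesample plugin loaded via the `plugins` option, TinyMCE < 5.6.0 affected.

// 1. Exposed: codesample loaded with its bundled PrismJS and the default
//    language list, which includes Ruby.
const exposedConfig = {
  selector: 'textarea',
  plugins: 'codesample',
};

// 2. Workaround A: keep the plugin but drop Ruby from the language menu.
//    `codesample_languages` replaces the default list, so every language you
//    still want offered must be listed explicitly.
const noRubyConfig = {
  selector: 'textarea',
  plugins: 'codesample',
  codesample_languages: [
    { text: 'HTML/XML', value: 'markup' },
    { text: 'JavaScript', value: 'javascript' },
    { text: 'Python', value: 'python' },
  ],
};

// 3. Workaround B: use the page's global `Prism` object instead of the bundled
//    copy. PrismJS >= 1.21.0 must be loaded on the page (e.g. via a <script>
//    tag) before tinymce.init() runs for this to have any effect.
const globalPrismConfig = {
  selector: 'textarea',
  plugins: 'codesample',
  codesample_global_prismjs: true,
};

// Compare dotted version strings numerically: returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Audit helper (assumption, not a TinyMCE API). `tinymceVersion` is the
// TinyMCE build in use; `globalPrismVersion` is the version of window.Prism,
// or null when no global Prism is loaded. Returns { exposed, reason }.
function auditCodesampleConfig(config, tinymceVersion, globalPrismVersion) {
  if (compareVersions(tinymceVersion, '5.6.0') >= 0) {
    return { exposed: false, reason: 'TinyMCE >= 5.6.0 ships the fix' };
  }
  // `plugins` may be a space/comma separated string or an array.
  const plugins = Array.isArray(config.plugins)
    ? config.plugins
    : String(config.plugins || '').split(/[\s,]+/).filter(Boolean);
  if (!plugins.includes('codesample')) {
    return { exposed: false, reason: 'codesample plugin not loaded' };
  }
  if (Array.isArray(config.codesample_languages)) {
    const hasRuby = config.codesample_languages.some((l) => l.value === 'ruby');
    if (!hasRuby) {
      return { exposed: false, reason: 'ruby removed via codesample_languages' };
    }
  }
  if (config.codesample_global_prismjs === true) {
    if (globalPrismVersion && compareVersions(globalPrismVersion, '1.21.0') >= 0) {
      return { exposed: false, reason: 'global PrismJS >= 1.21.0 in use' };
    }
    // No usable global Prism: assume the bundled copy is still what runs.
    return {
      exposed: true,
      reason: 'codesample_global_prismjs set but global Prism missing or < 1.21.0',
    };
  }
  return { exposed: true, reason: 'bundled PrismJS will highlight ruby samples' };
}
```

Run the audit against each configuration with the TinyMCE version actually deployed; the global-Prism workaround is the one most often misapplied, because setting the option without loading a new enough Prism on the page leaves the bundled highlighter in use.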

Weakness Enumeration

Resource Exhaustion

Related Identifiers

GHSA-H96F-FC7C-9R55

Affected Products

Prismjs
Tinymce
Codesample