Lucene search
AnonymousNODEJS:1702HistoryMay 10, 2021 - 6:48 p.m.
Regular expression denial of Service
2021-05-1018:48:59
Anonymous
www.npmjs.com
30
0.015 Low
EPSS
Percentile
86.9%
Overview
codemirror before 5.58.2 is vulnerable to a regular expression denial of service.
The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Recommendation
Upgrade to version 5.58.2 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| codemirror | lt | 5.58.2 |
Related
ibm
ibm
debian
debian
[SECURITY] [DSA 4789-1] codemirror-js security update
2020-11-12 09:07:18
[SECURITY] [DSA 4789-1] codemirror-js security update
2020-11-12 09:07:18
osv
osv
CVE-2020-7760
2020-10-30 11:15:12
codemirror-js - security update
2020-11-12 00:00:00
Regular expression denial of service in codemirror
2021-05-10 18:46:27
github
github
Regular expression denial of service in codemirror
2021-05-10 18:46:27
ubuntucve
ubuntucve
CVE-2020-7760
2020-10-30 00:00:00
cvelist
cvelist
CVE-2020-7760 Regular Expression Denial of Service (ReDoS)
2020-10-30 00:00:00
cve
cve
CVE-2020-7760
2020-10-30 11:15:12
prion
prion
Code injection
2020-10-30 11:15:00
redhatcve
redhatcve
CVE-2020-7760
2020-10-30 16:56:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2020-11-02 04:10:50
debiancve
debiancve
CVE-2020-7760
2020-10-30 11:15:12
f5
f5
K000140225: Codemirror vulnerability CVE-2020-7760
2024-07-02 00:00:00
nessus
nessus
Debian DSA-4789-1 : codemirror-js - security update
2020-11-13 00:00:00
Oracle Database Server Multiple Vulnerabilities (Apr 2021 CPU)
2021-04-21 00:00:00
Oracle Database Server Multiple Vulnerabilities (Jul 2021 CPU)
2021-07-23 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4789-1)
2020-11-13 00:00:00
nvd
nvd
CVE-2020-7760
2020-10-30 11:15:12
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00