codemirror
before 5.58.2 is vulnerable to a regular expression denial of service.
The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Upgrade to version 5.58.2 or later
CPE | Name | Operator | Version |
---|---|---|---|
codemirror | lt | 5.58.2 |