CVE-2020-7760
published 2020-10-30
high 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern `(s|/*.*?*/)*`
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codemirror | codemirror | < 5.58.2 | 5.58.2 |
| codemirror | codemirror | >= 0 < 5.58.2 | 5.58.2 |
| codemirror | codemirror | >= unspecified < 5.58.2 | 5.58.2 |
| debian | codemirror-js | < codemirror-js 5.58.2+~cs0.23.101-1 (bookworm) | codemirror-js 5.58.2+~cs0.23.101-1 (bookworm) |
| oracle | application_express | < 20.2 | 20.2 |
| oracle | enterprise_manager_express_user_interface | — | — |
| oracle | essbase | — | — |
| oracle | hyperion_data_relationship_management | < 11.2.9.0 | 11.2.9.0 |
| oracle | spatial_studio | < 19.1.0 | 19.1.0 |
| paloalto | pan-os | — | — |
CVSS provenance
nvd v3.1 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv 7.5 HIGH