Codemirror vulnerabilities
2 known vulnerabilities affecting codemirror/codemirror.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-6493 | MEDIUM | CVSS 5.5 | v5.65.0, v5.65.1 +19 more | 2025-06-22
CVE-2025-6493 [MEDIUM] CWE-1333 CodeMirror Markdown Mode markdown.js ReDoS
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is a
cvelistv5
CVE-2020-7760 | HIGH | CVSS 7.5 | fixed in 5.58.2 | ≥ unspecified, < 5.58.2 | 2020-10-30
CVE-2020-7760 [HIGH] CWE-400
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-patter
cvelistv5, ghsa, nvd, osv