CVE-2020-7760

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7760

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7760.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7760

Aliases

GHSA-4gw3-8f77-f72c
SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450
SNYK-JAVA-ORGWEBJARS-1024449
SNYK-JAVA-ORGWEBJARSBOWER-1024445
SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448
SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446
SNYK-JAVA-ORGWEBJARSNPM-1024447
SNYK-JS-CODEMIRROR-1016937

Related

Published

2020-10-30T11:15:12Z

Modified

2024-10-12T06:38:21.169847Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)

References

Affected packages

Debian:11 / codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/debian/codemirror-js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.58.2+~cs0.23.101-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/debian/codemirror-js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.58.2+~cs0.23.101-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/debian/codemirror-js?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.58.2+~cs0.23.101-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/codemirror/codemirror

Affected ranges

Type: GIT
Repo: https://github.com/codemirror/codemirror
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

264022ee4af4abca1c158944dc299a8faf8696d6

Type: GIT
Repo: https://github.com/codemirror/codemirror5
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

55d0333907117c9231ffdf555ae8824705993bbb

Affected versions

3.*

3.13.0

3.14.0

3.15.0

3.16.0

3.17.0

3.18.0

3.19.0

3.20.0

3.21.0

3.22.0

3.23.0

4.*

4.0.1

4.0.2

4.0.3

4.1.0

4.10.0

4.11.0

4.12.0

4.13.0

4.2.0

4.3.0

4.4.0

4.5.0

4.6.0

4.7.0

4.8.0

4.9.0

5.*

5.0.0

5.1.0

5.10.0

5.11.0

5.12.0

5.13.0

5.13.2

5.14.0

5.14.2

5.15.0

5.15.2

5.16.0

5.17.0

5.18.0

5.18.2

5.19.0

5.2.0

5.20.0

5.20.2

5.21.0

5.22.0

5.23.0

5.24.0

5.24.2

5.25.0

5.25.2

5.26.0

5.27.0

5.27.2

5.27.4

5.28.0

5.29.0

5.3.0

5.30.0

5.31.0

5.32.0

5.33.0

5.34.0

5.35.0

5.36.0

5.37.0

5.38.0

5.39.0

5.39.2

5.4.0

5.40.0

5.40.2

5.41.0

5.42.0

5.43.0

5.44.0

5.45.0

5.46.0

5.47.0

5.48.0

5.48.2

5.48.4

5.49.0

5.49.2

5.5.0

5.50.0

5.50.2

5.51.0

5.52.0

5.52.2

5.53.0

5.53.2

5.54.0

5.55.0

5.56.0

5.57.0

5.58.0

5.58.1

5.6.0

5.7.0

5.8.0

5.9.0

Other

beta1

beta2

v4_beta1

v4_beta2

v2.*

v2.0

v2.01

v2.02

v2.1

v2.11

v2.12

v2.13

v2.14

v2.15

v2.16

v2.17

v2.18

v2.2

v2.21

v2.22

v2.23

v2.24

v2.25

v2.3

v2.31

v2.32

v2.33

v3.*

v3.0

v3.01

v3.0beta1

v3.0beta2

v3.0rc1

v3.0rc2

v3.1

v3.11

v3.12