UBUNTU-CVE-2025-6493
- Source
- https://ubuntu.com/security/CVE-2025-6493
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-6493
- Upstream
- Published
- 2025-06-22T22:15:00Z
- Modified
- 2025-07-14T04:47:53Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."
- References
Affected packages
Ubuntu:Pro:16.04:LTS / codemirror-js
Package
- Name
- codemirror-js
- Purl
- pkg:deb/ubuntu/codemirror-js@5.4.0-1?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / codemirror-js
Package
- Name
- codemirror-js
- Purl
- pkg:deb/ubuntu/codemirror-js@5.19.0-1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / codemirror-js
Package
- Name
- codemirror-js
- Purl
- pkg:deb/ubuntu/codemirror-js@5.51.0-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / codemirror-js
Package
- Name
- codemirror-js
- Purl
- pkg:deb/ubuntu/codemirror-js@5.65.0+~cs5.83.9-1?arch=source&distro=jammy
Ubuntu:24.04:LTS / codemirror-js
Package
- Name
- codemirror-js
- Purl
- pkg:deb/ubuntu/codemirror-js@5.65.0+~cs5.83.9-3?arch=source&distro=noble