Vulnerability: CVE-2020-7760

This affects the package codemirror before 5.58.2 and the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located at https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern (\s|\/\*.*?\*\/)* (any sequence of whitespace characters or /* ... */ block comments): because the non-greedy comment body can run past one "*/" and absorb following comments, the same input can be matched in many overlapping ways, and a backtracking matcher explores all of them when the rest of the pattern fails.
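As an added example (not CodeMirror's code), the sub-pattern from the advisory is shown next to an unambiguous rewrite and next to a regex-free scanner that does the same skipping in linear time; the full arrow-function check that surrounds the pattern in javascript.js is not reproduced, and the sample inputs are constructed for illustration.

```javascript
// The advisory's sub-pattern, anchored so it can be measured on its own.
// It is ambiguous: the non-greedy comment body (.*?) may run past a "*/"
// and swallow later "/* ... */" comments, so one input has many parses.
const VULNERABLE_SKIP = /^(\s|\/\*.*?\*\/)*/;

// Unambiguous rewrite (constructed, not the upstream fix): a comment body is
// "non-star chars, then stars not followed by '/'", repeated, then "*/".
// No character can be claimed by two alternatives, so backtracking is bounded.
const SAFE_SKIP = /^(?:\s|\/\*[^*]*\*+(?:[^\/*][^*]*\*+)*\/)*/;

// Regex-free alternative: skip whitespace and block comments by hand in a
// single left-to-right pass, which is strictly linear in the input length.
// Returns the index of the first character that is neither.
function skipWsAndComments(src, pos = 0) {
  for (;;) {
    if (pos < src.length && /\s/.test(src[pos])) { pos++; continue; }
    if (src.startsWith("/*", pos)) {
      const end = src.indexOf("*/", pos + 2);
      if (end < 0) return pos;          // unterminated comment: stop before it
      pos = end + 2;
      continue;
    }
    return pos;
  }
}

// Length of the prefix a skip regex consumes, for comparison with the scanner.
function regexSkipLength(re, src) {
  return re.exec(src)[0].length;
}

// Constructed inputs of the kind a tokenizer sees in front of "=>".
const SAMPLES = [
  "  /* a */ /* b */ x => x",
  "/* */ /* */ (a, b) => a",
  "/* /* */ z",              // comment body containing a second "/*"
  "/***/ y",                 // stars adjacent to the delimiters
  "/* unterminated ...",     // no closing "*/": nothing may be skipped
  "",
];

// True when both regexes and the scanner consume exactly the same prefix
// on every sample, i.e. the rewrite is a drop-in replacement on valid input.
function allAgree() {
  return SAMPLES.every(s => {
    const n = skipWsAndComments(s);
    return regexSkipLength(VULNERABLE_SKIP, s) === n &&
           regexSkipLength(SAFE_SKIP, s) === n;
  });
}
```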


https://www.debian.org/security/2020/dsa-4789
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447
https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
