Moderate severity · OSV Advisory · Published Oct 30, 2020 · Updated Sep 17, 2024

Regular Expression Denial of Service (ReDoS)

CVE-2020-7760

Description

This affects the package codemirror before 5.58.2 and the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located at https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability in the regex is mainly due to the sub-pattern (\s|\/\*.*?\*\/)*
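
Why the sub-pattern is ambiguous, as an added example that is not CodeMirror's code or part of the advisory: the lazy .*? may run past one */ and stop at a later one, so a run of comments can be split in many ways, and a backtracking engine may try all of them before reporting a failed match. The function counts those splits for the advisory's sub-pattern and for a hardened form. The UNAMBIGUOUS pattern, the helper names and the sample strings are assumptions made here, and the input is assumed to be a single line.

```javascript
// Sub-pattern as given in the advisory, anchored so it must consume the input.
const AMBIGUOUS = /^(\s|\/\*.*?\*\/)*$/;
// Assumed hardened form (not taken from the page): the comment body can no
// longer contain "*/", so each comment has exactly one possible end.
const UNAMBIGUOUS = /^(?:\s|\/\*(?:[^*]|\*(?!\/))*\*\/)*$/;

// Count the distinct ways the repeated group can consume all of `text`.
// bodyMayCrossTerminator = true models ".*?", false models the hardened body.
// Assumes single-line input, so "." matches every character.
function countParses(text, bodyMayCrossTerminator) {
  const ways = new Array(text.length + 1).fill(0n);
  ways[0] = 1n;
  for (let i = 0; i < text.length; i++) {
    if (ways[i] === 0n) continue;                    // position not reachable
    if (/\s/.test(text[i])) ways[i + 1] += ways[i];  // the \s alternative
    if (!text.startsWith("/*", i)) continue;
    // The comment alternative: every later "*/" is a candidate end for ".*?".
    for (let j = text.indexOf("*/", i + 2); j !== -1;
         j = text.indexOf("*/", j + 2)) {
      ways[j + 2] += ways[i];
      if (!bodyMayCrossTerminator) break;            // only the first "*/"
    }
  }
  return ways[text.length];
}

// Parse counts for a constructed run of `commentCount` adjacent comments.
function report(commentCount) {
  const sample = "/*a*/".repeat(commentCount);       // constructed input
  return {
    ambiguous: countParses(sample, true),            // doubles per comment
    unambiguous: countParses(sample, false),         // stays at 1
  };
}

// Both patterns accept the same well-formed inputs (constructed samples).
function agreeOnWellFormed() {
  const samples = ["", " ", "/* c */", "/*a*/ /*b*/ ", "/* a * b */"];
  return samples.every((s) => AMBIGUOUS.test(s) && UNAMBIGUOUS.test(s));
}

// Text between two comments: ".*?" swallows it, the hardened body does not.
function acceptsGapBetweenComments(pattern) {
  return pattern.test("/*a*/x/*b*/");                // constructed input
}

console.log(report(20), agreeOnWellFormed());
```

The last helper shows a side effect of the same flaw: the ambiguous form also accepts non-comment text sandwiched between two comments, which the hardened form rejects.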

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
codemirror (npm) | < 5.58.2 | 5.58.2
