📂 Vulnerable Library - vue-codemirror-4.0.6.tgz
CodeMirror component for Vue
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-7760 | 🟠 Medium | 5.5 | Proof of concept | < 1% | codemirror-5.48.4.tgz | Transitive | N/A | ❌ | |
Details
🟠 CVE-2020-7760
Vulnerable Library - codemirror-5.48.4.tgz
Full-featured in-browser code editor
Library home page: https://registry.npmjs.org/codemirror/-/codemirror-5.48.4.tgz
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Dependency Hierarchy:
- vue-codemirror-4.0.6.tgz (Root Library)
- ❌ codemirror-5.48.4.tgz (Vulnerable Library)
Vulnerability Details
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Oct 30, 2020 11:10 AM
URL: CVE-2020-7760
Threat Assessment
Exploit Maturity: Proof of concept
EPSS: < 1%
Score: 5.5
Suggested Fix
Type: Upgrade version
Origin: GHSA-4gw3-8f77-f72c
Release Date: Oct 30, 2020 11:10 AM
Fix Resolution: codemirror - 5.58.2