📂 Vulnerable Library - vue-codemirror-4.0.6.tgz
CodeMirror component for Vue
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-7760 | 🟠 Medium | 5.3 | Proof of concept | < 1% | codemirror-5.48.4.tgz | Transitive | N/A | ❌ | Unreachable |
| CVE-2025-6493 | 🟠 Medium | 5.3 | Proof of concept | < 1% | codemirror-5.48.4.tgz | Transitive | N/A | ❌ | Unreachable |
Details
🟠CVE-2020-7760
Vulnerable Library - codemirror-5.48.4.tgz
Full-featured in-browser code editor
Library home page: https://registry.npmjs.org/codemirror/-/codemirror-5.48.4.tgz
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Dependency Hierarchy:
- vue-codemirror-4.0.6.tgz (Root Library)
- ❌ codemirror-5.48.4.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Oct 30, 2020 11:10 AM
URL: CVE-2020-7760
Threat Assessment
Exploit Maturity: Proof of concept
EPSS: < 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
Release Date: Oct 30, 2020 11:10 AM
Fix Resolution : codemirror - 5.58.2
🟠CVE-2025-6493
Vulnerable Library - codemirror-5.48.4.tgz
Full-featured in-browser code editor
Library home page: https://registry.npmjs.org/codemirror/-/codemirror-5.48.4.tgz
Path to dependency file: /src/Administration/Resources/app/administration/build/nuxt-component-library/package.json
Dependency Hierarchy:
- vue-codemirror-4.0.6.tgz (Root Library)
- ❌ codemirror-5.48.4.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions that "CodeMirror 6 exists, and is [...] much more actively maintained."
- While the issue was reported up to version 5.17.0, the problematic patterns persisted in versions after that. In version 6.x, the issue has been resolved.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: Jun 22, 2025 10:00 PM
URL: CVE-2025-6493
Threat Assessment
Exploit Maturity: Proof of concept
EPSS: < 1%
Score: 5.3
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :