CVE-2020-7760 (Medium) detected in codemirror-5.30.0.js, codemirror-5.30.0.tgz - autoclosed #158
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #159 |
1 similar comment
|
ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #159 |
mend-bolt-for-github
bot
changed the title
mend-bolt-for-github
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2020-7760 - Medium Severity Vulnerability
codemirror-5.30.0.js
In-browser code editing made bearable
Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.30.0/codemirror.js
Path to dependency file: brackets/src/node_modules/codemirror/mode/rpm/changes/index.html
Path to vulnerable library: /src/node_modules/codemirror/mode/rpm/changes/../../../lib/codemirror.js
Dependency Hierarchy:
codemirror-5.30.0.tgz
Full-featured in-browser code editor
Library home page: https://registry.npmjs.org/codemirror/-/codemirror-5.30.0.tgz
Path to dependency file: brackets/src/package.json
Path to vulnerable library: /src/node_modules/codemirror/package.json
Dependency Hierarchy:
Found in HEAD commit: 3fa45ae9a1a5190c6d0729a3d4b58907c1ad749e
Found in base branch: master
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Publish Date: 2020-10-30
URL: CVE-2020-7760
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
Release Date: 2020-07-21
Fix Resolution: codemirror - 5.58.2
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: