cpe:2.3:a:n/a:codemirror:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
Product: Codemirror (3b1ad9d1-f5bb-5748-a95b-a7b3a8bf0362)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2025-6493
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:43:15.163174
db.gcve.eu details: CodeMirror Markdown Mode markdown.js redos
MEDIUM (5.3)
A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions that "CodeMirror 6 exists, and is [...] much more actively maintained."
Published: 2025-06-22T22:00:10.483Z
Updated: 2025-09-29T13:48:37.784Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2020-7760
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:27:14.190417
db.gcve.eu details: Regular Expression Denial of Service (ReDoS)
MEDIUM (5.3)
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern (\s|\/\*.*?\*\/)*
Published: 2020-10-30T11:10:32.942Z
Updated: 2024-09-17T01:06:44.297Z
Rationale: Imported from gcve-enriched-dumps CVE data