Codemirror
cpe:2.3:a:n/a:codemirror:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Codemirror (3b1ad9d1-f5bb-5748-a95b-a7b3a8bf0362) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-6493 | vulnerable | 2026-06-08 07:43:15.163174 | CodeMirror Markdown Mode markdown.js redos<br>MEDIUM (5.3)<br>A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."<br>Published: 2025-06-22T22:00:10.483Z<br>Updated: 2025-09-29T13:48:37.784Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-7760 | vulnerable | 2026-06-08 05:27:14.190417 | Regular Expression Denial of Service (ReDoS)<br>MEDIUM (5.3)<br>This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern `(s\|/*.*?*/)*`<br>Published: 2020-10-30T11:10:32.942Z<br>Updated: 2024-09-17T01:06:44.297Z | Imported from gcve-enriched-dumps CVE data |