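Vulnerability details
CodeMirror resource management error vulnerability
Vulnerability summary
CodeMirror is a versatile text editor implemented in JavaScript for the browser, developed by the CodeMirror team. It is specialized for editing code and ships with more than 100 language modes and a variety of add-ons that implement more advanced editing functionality. Each language comes with full-featured code and syntax highlighting to help with reading and editing complex code.
Versions of codemirror before 5.58.2 and versions of org.apache.marmotta.webjars:codemirror before 5.58.2 contain a resource management error vulnerability. The vulnerability stems from a logic error in the regular expression (s|/*.*?*/)* at line 129 of mode/javascript/javascript.js (blob/cdb228ac736369c685865b122b736cd0d397836c).
Vulnerability announcement
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: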
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
References
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445
Source: CONFIRM
Link: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448
Source: DEBIAN
Link: https://www.debian.org/security/2020/dsa-4789
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072053
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-7760
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4036/
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpuapr2021.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-integration-bus-cve-2020-7760/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-automation-manager/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-codemirror-module-affects-ibm-cloud-pak-for-multicloud-management/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-2/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021072112
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021042106
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-designer-instances-may-be-vulnerable-to-cve-2020-7760-2/
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Node-js-codemirror-overload-via-Regular-Expression-35350
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpujul2021.html
Affected entities
None yet
Patches
- Fix for the CodeMirror resource management error vulnerability<!--2020-10-30-->