CVE-2020-7760
Regular Expression Denial of Service (ReDoS)
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*
We have discovered 2,544 live websites that are affected by CVE-2020-7760.
Affected Software
| Product |  CodeMirror |
| Category | Editors |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 107 |
| Vulnerable Domains | 2,544 live websites (96.44% of CodeMirror install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7760 and the relative popularity of websitesDetails
- Published - Oct 30, 2020
- Updated - Apr 20, 2022
Credits
- Yeting Li
CVE References
CWE References
Countries
 United States | 929 websites |
 France | 205 websites |
 Germany | 185 websites |
 GB | 125 websites |
 Czech Republic | 116 websites |
 South Africa | 106 websites |
 Netherlands | 69 websites |
 Russia | 59 websites |
 Italy | 51 websites |
 Canada | 47 websites |
TLDs
| .com | 1,013 websites |
| .org | 205 websites |
| .cz | 110 websites |
| .net | 104 websites |
| .de | 96 websites |
| .fr | 94 websites |
| .co.uk | 67 websites |
| .nl | 58 websites |
| .io | 42 websites |
| .ru | 41 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7760 through included software libraries and plugins.References
- https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450
- https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
- https://www.debian.org/security/2020/dsa-4789
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
Websites affected by CVE-2020-7760
Top websites that are affected by CVE-2020-7760. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | *** | ||
| **********.com |  Nepal | *,*** | |
| ****.******.com | United States | *,*** | |
| ********.io |  Austria | **,*** | |
| ****.********.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| ****.********.me | United States | **,*** | |
| ***.******.com | United States | **,*** | |
| ******.*********.org | United States | **,*** | |
| *******.sk |  Slovakia | **,*** |