
91 matches found

OSSF Malicious Packages
added 2022/06/20 8:25 p.m., 2 views

Malicious code in angular-codemirror (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35dc347e24feed0c6db7e76db6a8158f89fea231443ed0a74ec4717d8eed1915 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
Node.js
added 2021/05/10 6:48 p.m., 56 views

Regular expression denial of Service

Overview: codemirror before 5.58.2 is vulnerable to a regular expression denial of service. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vulnerability of the regex...

5 CVSS, 3.1 AI score, 0.0034 EPSS
Exploits: 1, Affected Software: 1
Github Security Blog
added 2021/05/10 6:46 p.m., 48 views

Regular expression denial of service in codemirror

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...

7.5 CVSS, 6.3 AI score, 0.0034 EPSS
Exploits: 1, References: 15, Affected Software: 1
vulnersOsv
added 2021/05/10 6:46 p.m., 2 views

0.8.18-p11 (=0.8.18-p12), 0hub (=1.0.0-beta.2) +1450 more potentially affected by CVE-2020-7760 via codemirror (>=2.33.0 <=5.58.1)

codemirror NPM version =2.33.0, =4.13.7-rc4, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.3, =0.1.1, =0.0.1, =0.1.0, =0.1.0, =1.0.2 and more Source cves: CVE-2020-7760 Source advisory: OSV:GHSA-4GW3-8F77-F72C...

7.5 CVSS, 6.7 AI score, 0.0034 EPSS
Exploits: 1
IBM Security Bulletins
added 2021/02/27 3:40 a.m., 36 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker...

8.1 CVSS, 0.8 AI score, 0.58883 EPSS
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2021/02/19 4:54 a.m., 29 views

Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Pak for Multicloud Management.

Summary A security vulnerability in Node.js codemirror module affects IBM Cloud Pak for Multicloud Management. Vulnerability Details CVEID: CVE-2020-7760 DESCRIPTION: Node.js codemirror module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By...

7.5 CVSS, 1.3 AI score, 0.0034 EPSS
Exploits: 1, Affected Software: 1
Veracode
added 2021/02/04 12:6 p.m., 12 views

Regular Expression Denial Of Service (ReDoS)

codemirror is vulnerable to regular expression denial of service. An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...

4.2 AI score
Exploits: 0
Veracode
added 2021/01/13 6:6 a.m., 9 views

Regular Expression Denial Of Service (ReDoS)

codemirror is vulnerable to regular expression denial of service. An attacker is able to cause a denial of service condition through the submission of a malicious token...

3.8 AI score
Exploits: 0
IBM Security Bulletins
added 2020/12/22 6:24 a.m., 7 views

Security Bulletin: Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Suite for HPA

Summary Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Suite for HPA. IBM Spectrum LSF Suite for HPA has addressed these issues. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

2 AI score
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/12/22 6:23 a.m., 9 views

Security Bulletin: Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Suite

Summary Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Suite. IBM Spectrum LSF Suite has addressed these issues. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

1.8 AI score
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/12/22 6:20 a.m., 10 views

Security Bulletin: Vulnerabilities in codemirror affect Spectrum LSF Application Center

Summary There are vulnerabilities in codemirror used by IBM Spectrum LSF Application Center. IBM Spectrum LSF Application Center has addressed these issues. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

2.6 AI score
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2020/12/22 6:15 a.m., 16 views

Security Bulletin: Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Explorer

Summary Public disclosed vulnerabilities from codemirror affect IBM Spectrum LSF Explorer. IBM Spectrum LSF Explorer has addressed these vulnerabilities. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

1.8 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2020/11/13 12:0 a.m., 33 views

Debian DSA-4789-1 : codemirror-js - security update

It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4789. The text...

7.5 CVSS, 6.6 AI score, 0.0034 EPSS
Exploits: 1, References: 3
OpenVAS
added 2020/11/13 12:0 a.m., 13 views

Debian: Security Advisory (DSA-4789-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8.8 AI score, 0.0034 EPSS
Exploits: 1, References: 4
Debian
added 2020/11/12 9:7 a.m., 30 views

[SECURITY] [DSA 4789-1] codemirror-js security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4789-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 12, 2020 https://www.debian.org/security/faq -...

5 CVSS, 0.2 AI score, 0.0034 EPSS
Exploits: 1
Debian
added 2020/11/12 9:7 a.m., 45 views

[SECURITY] [DSA 4789-1] codemirror-js security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4789-1 [email protected] https://www.debian.org/security/ Sebastien Delafond November 12, 2020 https://www.debian.org/security/faq -...

7.5 CVSS, 6.3 AI score, 0.0034 EPSS
Exploits: 1
OSV
added 2020/11/12 12:0 a.m., 31 views

DSA-4789-1 codemirror-js - security update

Bulletin has no description...

7.5 CVSS, 6.1 AI score, 0.0034 EPSS
Exploits: 1
IBM Security Bulletins
added 2020/11/05 10:29 a.m., 29 views

Security Bulletin: App Connect Enterprise Certified Container Designer instances may be vulnerable to CVE-2020-7760

Summary Some flow editor dialogs in a Designer instance App Connect Enterprise Certified Container may be vulnerable to a regular expression denial of service flaw that could make that Designer instance unresponsive. Vulnerability Details CVEID: CVE-2020-7760 DESCRIPTION: Node.js codemirror modul...

7.5 CVSS, 1.2 AI score, 0.0034 EPSS
Exploits: 1, Affected Software: 1
Veracode
added 2020/11/02 4:10 a.m., 21 views

Regular Expression Denial Of Service (ReDoS)

codemirror is vulnerable to regular expression denial of service ReDoS. An attacker is able to cause a denial of service condition by passing long strings containing sub-pattern s|/.?/...

7.5 CVSS, 4 AI score, 0.0034 EPSS
Exploits: 1, References: 6, Affected Software: 1
RedhatCVE
added 2020/10/30 4:56 p.m., 31 views

CVE-2020-7760

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS...

7.5 CVSS, 2.1 AI score, 0.0034 EPSS
Exploits: 1, References: 4