Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Enterprise Manager Express User Interface
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7760 2 Codemirror, Oracle 6 Codemirror, Application Express, Enterprise Manager Express User Interface and 3 more 2022-05-12 5.0 MEDIUM 7.5 HIGH
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*