CNNVD-202506-2924 Information
CNNVD ID
CNNVD-202506-2924
Related CVE
- CNNVD Published: 2025-06-22
Description (Chinese)
CodeMirror是Codemirror团队的一个使用JavaScript为浏览器实现的多功能文本编辑器。该软件专门用于编辑代码,并具有100多种语言模式和各种插件,可实现更高级的编辑功能,每种语言都带有功能齐全的代码和语法高亮显示,以帮助阅读和编辑复杂代码。 CodeMirror 5.17.0及之前版本存在安全漏洞,该漏洞源于文件mode/markdown/markdown.js存在低效正则表达式复杂性。
Description (English)
CodeMirror is a multifunctional text editor of the Codemiror team that uses JavaScript for browsers. The software is dedicated to editing codes and has more than 100 language modes and various plugins, which allow for more advanced editorial functions, each with a high-profile, functional code and grammar display to help read and edit complex codes. CodeMirror 5.17.0 and previous versions had a security loophole, which stemmed from the inefficient regular expression complexity of document Mode/markdown/markdown.js.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Codemirror
Published
2025-06-22
Last Modified
2026-02-24
References
https://vuldb.com/?submit.598875 https://github.com/codemirror/codemirror5/issues/7128 https://vuldb.com/?ctiid.313610 https://vuldb.com/?id.313610
Patch
https://github.com/codemirror/codemirror5/releases
Share on: