loftwah / shop.grindmodecypher.com

This is the repository for shop.grindmodecypher.com, a website I have built and maintain for the music group I am in, Grind Mode Cypher.
https://shop.grindmodecypher.com
GNU General Public License v3.0

CVE-2020-7760 (Medium) detected in javascript-5.18.0.js, codemirror-5.18.2.js - autoclosed #20

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 3 years ago

CVE-2020-7760 - Medium Severity Vulnerability

Vulnerable Libraries - javascript-5.18.0.js, codemirror-5.18.2.js

javascript-5.18.0.js

In-browser code editing made bearable

Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.18.0/mode/javascript/javascript.js

Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/javascript/typescript.html

Path to vulnerable library:
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pug/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pegjs/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/htmlembedded/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/soy/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/haml/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/gfm/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ebnf/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/htmlmixed/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/vue/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/jsx/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/php/../javascript/javascript.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/../javascript/javascript.js

Dependency Hierarchy:
- :x: **javascript-5.18.0.js** (Vulnerable Library)

codemirror-5.18.2.js

In-browser code editing made bearable

Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.18.2/codemirror.js

Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/yacas/index.html

Path to vulnerable library:
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/yacas/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pug/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/velocity/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/textile/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/haxe/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/protobuf/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/idl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/nginx/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/solr/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/q/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/powershell/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/yaml-frontmatter/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/soy/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/sas/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/d/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/javascript/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/dylan/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/handlebars/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/sass/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/toml/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/cypher/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/elm/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/julia/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mllike/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/tcl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/oz/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/modelica/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/rust/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mscgen/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mathematica/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/rst/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/livescript/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/haml/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/sieve/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ebnf/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/xquery/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/commonlisp/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/twig/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/smarty/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/cobol/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/vb/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/smalltalk/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/lua/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/dart/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/vue/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ntriples/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pascal/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/scheme/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pegjs/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/stex/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/asn.1/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/tiddlywiki/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ruby/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/haskell-literate/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/htmlmixed/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/nsis/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/sql/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/pig/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/perl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/haskell/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/erlang/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/brainfuck/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/diff/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/jinja2/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/asciiarmor/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/xml/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/django/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mirc/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/rpm/changes/../../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/htmlembedded/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ecl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clojure/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ttcn-cfg/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/vhdl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/gfm/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/http/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/crystal/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/properties/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/coffeescript/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/markdown/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/css/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/shell/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/factor/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/apl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/z80/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/spreadsheet/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/fcl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/python/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/dtd/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/dockerfile/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/stylus/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/go/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/eiffel/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/verilog/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/troff/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/webidl/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/turtle/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/tornado/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/swift/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/forth/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/ttcn/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/rpm/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/yaml/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/fortran/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/octave/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/tiki/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/gas/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mumps/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/vbscript/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/sparql/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/php/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/asterisk/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/puppet/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/jsx/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/r/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/groovy/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/mbox/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/gherkin/../../lib/codemirror.js
- shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/cmake/../../lib/codemirror.js

Dependency Hierarchy:
- :x: **codemirror-5.18.2.js** (Vulnerable Library)

Found in HEAD commit: 71aa041ac41d7e5c1657a2d660e0f48c6fc21e2f

Found in base branch: master

Vulnerability Details

This affects the package codemirror before 5.58.2 and the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located at https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern `(\s|/\*.*?\*/)*` (the backslashes were stripped in the rendered advisory text).

Publish Date: 2020-10-30

URL: CVE-2020-7760

CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760

Release Date: 2020-07-21

Fix Resolution: codemirror - 5.58.2


mend-bolt-for-github[bot] commented 2 years ago

:heavy_check_mark: This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.