All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
References
Link | Resource |
---|---|
https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39 | Broken Link |
https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240621-0006/ | |
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657 | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2023-06-22T05:00:01.472Z
Updated: 2024-06-26T19:11:06.508Z
Reserved: 2023-02-20T10:28:48.922Z
Link: CVE-2023-26115
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-22T05:15:09.157
Modified: 2024-06-21T19:15:25.887
Link: CVE-2023-26115
JSON object: View
Redhat Information
No data.
CWE