CVE-2023-26115: word-wrap vulnerable to Regular Expression Denial of Service
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
References
- github.com/advisories/GHSA-j8xg-fqg3-53r7
- github.com/jonschlinkert/word-wrap
- github.com/jonschlinkert/word-wrap/blob/master/index.js
- github.com/jonschlinkert/word-wrap/blob/master/index.js#L39
- github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e
- github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
- nvd.nist.gov/vuln/detail/CVE-2023-26115
- security.netapp.com/advisory/ntap-20240621-0006
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
- security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
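
To check whether a project is exposed, the following added example (not code from the advisory or from the word-wrap project) lists every installed copy of word-wrap, direct or transitive, in an npm `package-lock.json`. The function name `findPackage`, the sample lockfiles, and their package names and version strings are constructed for illustration.

```javascript
// Added example: locate every installed copy of a package in an npm lockfile.
// Handles lockfileVersion 2/3 (flat "packages" map) and 1 (nested "dependencies").
function findPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    // v2/v3 keys look like "node_modules/a/node_modules/word-wrap".
    // Matching on the full "node_modules/<name>" segment avoids false hits
    // on scoped or similarly named packages such as "@acme/word-wrap".
    const suffix = 'node_modules/' + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === suffix || path.endsWith('/' + suffix)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // v1: walk the nested dependency tree, remembering the chain of parents.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const chain = trail.concat(dep);
      if (dep === name) hits.push({ path: chain.join(' > '), version: meta.version });
      walk(meta.dependencies, chain);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles; names and versions are not real releases.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/word-wrap': { version: '9.9.1' },
    'node_modules/parent-lib/node_modules/word-wrap': { version: '9.9.0' },
    'node_modules/@acme/word-wrap': { version: '1.0.0' },
    'node_modules/not-word-wrap': { version: '1.0.0' }
  }
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'parent-lib': { version: '2.0.0', dependencies: { 'word-wrap': { version: '9.9.0' } } }
  }
};

for (const lock of [SAMPLE_V3, SAMPLE_V1]) {
  console.log(findPackage(lock, 'word-wrap'));
}
```

On a real project, load the lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and compare each reported version against the advisory.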