Описание
word-wrap vulnerable to Regular Expression Denial of Service
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-26115
- https://github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e
- https://github.com/jonschlinkert/word-wrap/blob/master/index.js#L39
- https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
- https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
- https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
Пакеты
Наименование
word-wrap
npm
Затронутые версииВерсия исправления
< 1.2.4
1.2.4
Связанные уязвимости
CVSS3: 7.5
redhat
около 2 лет назад
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
CVSS3: 5.3
nvd
около 2 лет назад
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
CVSS3: 7.5
fstec
около 2 лет назад
Уязвимость модуля word-wrap программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании