CVE-2023-26115

Опубликовано: 22 июн. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Ссылки

https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
Broken Link
https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
Exploit
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
Exploit
Third Party Advisory
https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
Broken Link
https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
Exploit
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:word-wrap_project:word-wrap:*:*:*:*:*:node.js:*:*

Версия до 1.2.4 (исключая)

EPSS

Процентиль: 4%

0.0002

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333

Связанные уязвимости

CVE-2023-26115

CVSS3: 7.5

redhat

около 2 лет назад

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

GHSA-j8xg-fqg3-53r7

CVSS3: 5.3

github

около 2 лет назад

word-wrap vulnerable to Regular Expression Denial of Service

BDU:2023-05201

CVSS3: 7.5

fstec

около 2 лет назад

Уязвимость модуля word-wrap программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%

0.0002

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1333