Moderate severityNVD Advisory· Published Jun 22, 2023· Updated Feb 13, 2025
CVE-2023-26115
CVE-2023-26115
Description
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
word-wrapnpm | < 1.2.4 | 1.2.4 |
Affected products
2- word-wrap/word-wrapdescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-j8xg-fqg3-53r7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26115ghsaADVISORY
- github.com/jonschlinkert/word-wrap/blob/master/index.jsghsaWEB
- github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39ghsaWEB
- github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2eghsaWEB
- github.com/jonschlinkert/word-wrap/releases/tag/1.2.4ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657ghsaWEB
- security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006/mitre
News mentions
0No linked articles in our index yet.