Vulnerability Details CVE-2023-26115
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
- https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
- https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
- https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
- https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
Products affected by CVE-2023-26115
-
cpe:2.3:a:word-wrap_project:word-wrap:-
-
cpe:2.3:a:word-wrap_project:word-wrap:0.1.0
-
cpe:2.3:a:word-wrap_project:word-wrap:0.1.2
-
cpe:2.3:a:word-wrap_project:word-wrap:0.1.3
-
cpe:2.3:a:word-wrap_project:word-wrap:0.2.0
-
cpe:2.3:a:word-wrap_project:word-wrap:0.3.0
-
cpe:2.3:a:word-wrap_project:word-wrap:0.3.1
-
cpe:2.3:a:word-wrap_project:word-wrap:1.0.0
-
cpe:2.3:a:word-wrap_project:word-wrap:1.0.1
-
cpe:2.3:a:word-wrap_project:word-wrap:1.0.2
-
cpe:2.3:a:word-wrap_project:word-wrap:1.0.3
-
cpe:2.3:a:word-wrap_project:word-wrap:1.1.0
-
cpe:2.3:a:word-wrap_project:word-wrap:1.2.0
-
cpe:2.3:a:word-wrap_project:word-wrap:1.2.1
-
cpe:2.3:a:word-wrap_project:word-wrap:1.2.2
-
cpe:2.3:a:word-wrap_project:word-wrap:1.2.3