angular-architects / module-federation-plugin

@angular-architects/module-federation version 15.0.3 security issue word-wrap plugin #343

Open czareknster opened 1 year ago

czareknster commented 1 year ago

Can I request an update?

gribakovs commented 1 year ago

https://nvd.nist.gov/vuln/detail/CVE-2023-26115

The word-wrap package is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. The index.js file fails to efficiently remove trailing empty spaces from a given input. An attacker can exploit this vulnerability by submitting a long repetitive input which, when parsed by this library, will exhaust available resources and ultimately result in a DoS condition.

CVE CVSS 3 severity is 7.5 now.

Please address this issue ASAP.
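
The class of defect described in the CVE text above, shown beside a hardened form. This is an added example, not part of the original thread and not the word-wrap package's own code; the regular expression and all function names are assumptions chosen to illustrate inefficient trailing-whitespace removal, and the inputs are constructed.

```javascript
'use strict';

// Illustrative pattern (assumption, not copied from word-wrap): strip
// trailing spaces and tabs. When a whitespace run is NOT at the end of the
// string, the engine retries the match from every position inside the run,
// so the work grows quadratically with the run length.
const TRAILING_WS = /[ \t]*$/;

function trimEndRegex(str) {
  return str.replace(TRAILING_WS, '');
}

// Hardened form: walk back from the end once. Linear time, no regex.
function trimEndLinear(str) {
  let end = str.length;
  while (end > 0 && (str[end - 1] === ' ' || str[end - 1] === '\t')) {
    end--;
  }
  return str.slice(0, end);
}

// Wall-clock time of a single call, in milliseconds.
function timeMs(fn, input) {
  const start = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Constructed regression input: a whitespace run of length n that is
// followed by a non-space character, so nothing is actually trimmed.
function worstCase(n) {
  return 'a' + ' '.repeat(n) + 'b';
}

// Time both implementations at each size so the growth rate is visible.
function compare(sizes) {
  return sizes.map((n) => {
    const input = worstCase(n);
    return { n, regexMs: timeMs(trimEndRegex, input), linearMs: timeMs(trimEndLinear, input) };
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compare([2000, 4000, 8000, 16000]));
}
```

When run directly under Node.js, the regex timings grow roughly fourfold each time the input doubles, while the linear version stays near zero; the same comparison works as a regression test after updating the dependency.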