jonschlinkert / word-wrap

Wrap words to a specified length.
https://github.com/jonschlinkert
MIT License
194 stars 57 forks

Regular Expression Denial of Service (ReDoS) - CVE-2023-26115 #37

Closed FelipeSimoes closed 1 year ago

FelipeSimoes commented 1 year ago

Date: June 22, 2023

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

https://www.mend.io/vulnerability-database/CVE-2023-26115

https://github.com/jonschlinkert/word-wrap/blob/786ebf1494354af16f23eda8231588928cf6f6a9/index.js#L39

stof commented 1 year ago

duplicate of #32

FelipeSimoes commented 1 year ago

https://www.npmjs.com/package/@aashutoshrathi/word-wrap