jonschlinkert / word-wrap

Wrap words to a specified length.
https://github.com/jonschlinkert
MIT License
193 stars 57 forks

All versions of word-wrap are vulnerable to ReDoS (CVE-2023-26115) #38

Closed mo-alaa closed 1 year ago

mo-alaa commented 1 year ago

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

More info here: https://www.mend.io/vulnerability-database/CVE-2023-26115

stof commented 1 year ago

duplicate of #32

doowb commented 1 year ago

Fixed in word-wrap@1.2.4.
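
The following is an added example, not part of the thread and not code from the word-wrap project: a lockfile check that reports every installed copy of word-wrap older than 1.2.4, the release named above as fixed. It assumes a parsed npm `package-lock.json` (lockfileVersion 1 to 3); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not code from word-wrap. Flags lockfile entries older than
// the release the maintainer names as fixed (word-wrap@1.2.4).
const FIXED = [1, 2, 4];

// true when `version` sorts before 1.2.4; anything unparseable (git URL,
// tag, missing field) is also flagged so a human looks at it.
function isBelowFix(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]); // 1.2.4-rc.1 precedes 1.2.4 in semver ordering
}

// `lock` is a parsed package-lock.json. Returns [{ path, version }].
function findUnfixedWordWrap(lock) {
  const hits = new Map(); // keyed by install path: v2 lockfiles list each copy twice
  const check = (path, meta) => {
    if (isBelowFix(meta.version)) hits.set(path, { path, version: meta.version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/word-wrap$/.test(path)) check(path, meta);
  }
  // lockfileVersion 1 and 2: nested "dependencies" tree.
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === 'word-wrap') check(path, meta);
      walk(meta.dependencies, path + '/');
    }
  })(lock.dependencies, '');
  return [...hits.values()];
}

// Constructed sample lockfile (package names other than word-wrap are placeholders).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/word-wrap': { version: '1.2.5' },
    'node_modules/dep-a/node_modules/word-wrap': { version: '1.2.3' },
  },
  dependencies: {
    'word-wrap': { version: '1.2.5' },
    'dep-a': { version: '1.0.0', dependencies: { 'word-wrap': { version: '1.2.3' } } },
  },
};
console.log(findUnfixedWordWrap(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` to `findUnfixedWordWrap`; nested copies pulled in by other dependencies are reported with their full install path.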