search

jonschlinkert / word-wrap

Wrap words to a specified length.
https://github.com/jonschlinkert
MIT License
193 stars 57 forks source link

Regular Expression Denial of Service #44

Closed aalejandromr closed 1 year ago

aalejandromr commented 1 year ago

Snyk has a security vulnerability report for word-wrap version 1.2.4 https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973

bolt-io commented 1 year ago

1.2.3 had the vulnerability. It was fixed in #41 and version 1.2.4

doowb commented 1 year ago

Correct, this is fixed in 1.2.4.

@snyk @lirantal when will this be updated?

lirantal commented 1 year ago

Thanks for the ping. I'll share with the security analysts team and get this looked at.

lirantal commented 1 year ago

This should be fixed @1.2.4 as of last Thursday, see here: https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973 Let me know if we're still missing anything.

doowb commented 1 year ago

Thanks!