logo

Database

Asymmetric denial of service - ReDoS In word-wrap

Description

word-wrap vulnerable to Regular Expression Denial of Service All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-261152. NVD-2023-261153. OSV-2023-261154. GCVE-2023-26115

References

1. https://github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e2. https://github.com/jonschlinkert/word-wrap/blob/master/index.js#L393. https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L394. https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.45. https://security.netapp.com/advisory/ntap-20240621-0006

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.