Published: 22/06/2023 Updated: 07/11/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
word-wrap project word-wrap

Synopsis Moderate: Logging Subsystem 573 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Logging Subsystem 573 Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, ...

Synopsis Important: Migration Toolkit for Containers (MTC) 180 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 180 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Important: Network Observability 140 for OpenShift Type/Severity Security Advisory: Important Topic Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agentThe operator provides dashboards, metrics, and keeps flow ...

Synopsis Important: Red Hat OpenShift Data Foundation 4133 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4133 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this upda ...

Synopsis Important: OpenShift Container Platform 4146 security and extras update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4146 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 414 ...

DescriptionThe MITRE CVE dictionary describes this issue as: All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable ...

A Collection of Components to make your React code simpler

simple-widgets A Collection of components to make your React code simpler Supports React 1702 and React 18x From Synk Reports: H - word-wrap Regular Expression Denial of Service (ReDoS) Vulnerability CWE-1333 CVE-2023-26115 CVSS 75 HIGH SNYK-JS-WORDWRAP-3149973 Introduced through: pdfmake@027 Exploit maturity: PROOF OF CONCEPT Introduced through: simple-widgets@1354 &r

maintained version of word wrap

word-wrap-next Wrap words to a specified length This is a close of the currently unmaintained npm package word-wrap It includes the fix for CVE-2023-26115 I decided to maintain this package for now Install Install with npm: $ npm install --save word-wrap-next // or simpler $ npm i word-wrap-next Usage var wrap = require('wo

CWE-1333 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657 https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39 https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973 https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3998 https://github.com/martinjackson/simple-widgets https://access.redhat.com/security/cve/cve-2023-26115

CVE-2023-26115

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect