word-wrap vulnerable to Regular Expression Denial of Service

Description

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Repository: OpenNMS/alec (https://github.com/OpenNMS/alec)
Dependabot: https://github.com/OpenNMS/alec/security/dependabot/27
CVE: CVE-2023-26115
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
GHSA: GHSA-j8xg-fqg3-53r7
Severity: medium
Ecosystem: npm
Package Name: word-wrap
Vulnerable Version Range: < 1.2.4
First Patched Version: 1.2.4


Created July 21, 2023 at 10:27 PM
Updated July 21, 2023 at 10:27 PM
