word-wrap vulnerable to Regular Expression Denial of Service

Description

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

Repository: OpenNMS/grafana-plugin (https://github.com/OpenNMS/grafana-plugin)
Dependabot: https://github.com/OpenNMS/grafana-plugin/security/dependabot/78
CVE: CVE-2023-26115
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
GHSA: GHSA-j8xg-fqg3-53r7
Severity: medium
Ecosystem: npm
Package Name: word-wrap
Vulnerable Version Range: <= 1.2.3
First Patched Version:

Activity

Show:

Details
Assignee
Unassigned
Reporter
onms security jira
Labels
dependabotsecurity
Priority
Trivial

PagerDuty

Created July 18, 2023 at 12:55 PM

Updated July 18, 2023 at 12:55 PM

Configure

word-wrap vulnerable to Regular Expression Denial of Service

Description

Activity

DetailsAssigneeUnassignedUnassignedReporteronms security jiraonms security jiraLabelsdependabotsecurityPriorityTrivial

Details

Assignee

Reporter

Labels

Priority

PagerDutyPagerDuty Incident

PagerDuty

Details
Assignee
Unassigned
Reporter
onms security jira
Labels
dependabotsecurity
Priority
Trivial

PagerDuty