{"id":"CVE-2023-26115","details":"All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.","aliases":["GHSA-j8xg-fqg3-53r7"],"modified":"2026-03-14T11:59:31.052298Z","published":"2023-06-22T05:15:09.157Z","references":[{"type":"WEB","url":"https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"},{"type":"ADVISORY","url":"https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jonschlinkert/word-wrap","events":[{"introduced":"0"},{"fixed":"f64b188c7261d26b99e1e2075d6b12f21798e83a"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.4"}]}}],"versions":["1.0.1","1.0.3","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26115.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}