Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Snyk scan reports "word-wrap Regular Expression Denial of Service (ReDoS) " #36

Closed
dashjuthika opened this issue Jun 13, 2023 · 3 comments
Closed

[Bug]: Snyk scan reports "word-wrap Regular Expression Denial of Service (ReDoS) " #36

dashjuthika opened this issue Jun 13, 2023 · 3 comments

Comments

@dashjuthika
Copy link

word-wrap VULNERABILITY: CWE-1333 CVE-2023-26115 CVSS 5.3 (MEDIUM)

I expected to be a clean snyk scan but setting below vulnerability :

image

https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
Did not have any issue with previous puppeteer version as it was using "wordwrap" instead of "word-wrap"
@dashjuthika dashjuthika mentioned this issue Jun 13, 2023
Closed
2 tasks
@aalejandromr
Copy link

^ bump on this one. Using https://github.com/bpampuch/pdfmake and word-wrap is one of the dependencies with the ReDoS vulnerability.

@jonschlinkert let us know if you need more information on the issue or if you are looking for contributors for this issue.

Thanks

@stof
Copy link

stof commented Jun 22, 2023

duplicate of #32

@doowb
Copy link
Collaborator

doowb commented Jul 18, 2023

Fixed in word-wrap@1.2.4.

@doowb doowb closed this as completed Jul 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@stof @doowb @aalejandromr @dashjuthika