{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-26115", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-02-20T10:28:48.922Z", "datePublished": "2023-06-22T05:00:01.472Z", "dateUpdated": "2024-08-02T11:39:06.643Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"}}], "credits": [{"value": "Carter Snook", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "Regular Expression Denial of Service (ReDoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2023-06-22T05:00:01.472Z"}, "descriptions": [{"value": "All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.\r\r", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"}, {"url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"}, {"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "affected": [{"product": "word-wrap", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}, {"product": "org.webjars.npm:word-wrap", "versions": [{"version": "0", "lessThan": "*", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:10:49.434426Z", "id": "CVE-2023-26115", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:11:06.508Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.643Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657", "tags": ["x_transferred"]}, {"url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39", "tags": ["x_transferred"]}, {"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973", "tags": ["x_transferred"]}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657", "tags": ["x_transferred"]}, {"url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39", "tags": ["x_transferred"]}, {"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.643Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-26115", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:10:49.434426Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:11:02.826Z"}}], "cna": {"credits": [{"lang": "en", "value": "Carter Snook"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "word-wrap", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}, {"vendor": "n/a", "product": "org.webjars.npm:word-wrap", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"}, {"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"}, {"url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"}, {"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "descriptions": [{"lang": "en", "value": "All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.\r\r"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1333", "description": "Regular Expression Denial of Service (ReDoS)"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2023-06-22T05:00:01.472Z"}}}, "cveMetadata": {"cveId": "CVE-2023-26115", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:39:06.643Z", "dateReserved": "2023-02-20T10:28:48.922Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2023-06-22T05:00:01.472Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:word-wrap_project:word-wrap:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "F9B3A751-DF84-4680-B6CB-4D30C7F9FF5D", "versionEndExcluding": "1.2.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.\r\r"}], "id": "CVE-2023-26115", "lastModified": "2024-06-21T19:15:25.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2023-06-22T05:15:09.157", "references": [{"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4"}, {"source": "report@snyk.io", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1333"}], "source": "report@snyk.io", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:5379", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-console-plugin-rhel9:v1.4.0-42", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5379", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-ebpf-agent-rhel9:v1.4.0-42", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5379", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-flowlogs-pipeline-rhel9:v1.4.0-42", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5379", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-operator-bundle:1.4.0-55", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5379", "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9", "package": "network-observability/network-observability-rhel9-operator:v1.4.0-42", "product_name": "NETWORK-OBSERVABILITY-1.4.0-RHEL-9", "release_date": "2023-09-28T00:00:00Z"}, {"advisory": "RHSA-2023:5447", "cpe": "cpe:/a:redhat:rhmt:1.8::el8", "package": "rhmtc/openshift-migration-ui-rhel8:v1.8.0-7", "product_name": "Red Hat Migration Toolkit for Containers 1.8", "release_date": "2023-10-05T00:00:00Z"}, {"advisory": "RHSA-2023:5006", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202310201027.p0.g8757197.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-10-31T00:00:00Z"}, {"advisory": "RHSA-2023:7681", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/nmstate-console-plugin-rhel8:v4.14.0-202312011333.p0.g8dc4a62.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2023-12-12T00:00:00Z"}, {"advisory": "RHSA-2023:5376", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package": "odf4/odf-console-rhel9:v4.13.3-1", "product_name": "RHODF-4.13-RHEL-9", "release_date": "2023-09-27T00:00:00Z"}, {"advisory": "RHSA-2023:3998", "cpe": "cpe:/a:redhat:logging:5.7::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.7.3-6", "product_name": "RHOL-5.7-RHEL-8", "release_date": "2023-07-12T00:00:00Z"}], "bugzilla": {"description": "word-wrap: ReDoS", "id": "2216827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-1333", "details": ["All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.", "A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service."], "name": "CVE-2023-26115", "package_state": [{"cpe": "cpe:/a:redhat:amq_interconnect:1", "fix_state": "Affected", "package_name": "word-wrap", "product_name": "A-MQ Interconnect 1"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Not affected", "package_name": "word-wrap", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "mta/mta-ui-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "org.jboss.windup-windup-parent", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Will not fix", "package_name": "migration-toolkit-virtualization/mtv-ui-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "acm-cluster-templates-console-plugin-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/search-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:amq_online:1", "fix_state": "Will not fix", "package_name": "word-wrap", "product_name": "Red Hat A-MQ Online"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "word-wrap", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "word-wrap", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "word-wrap", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "word-wrap", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Will not fix", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit-appstream", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cockpit-podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "impact": "low", "package_name": "word-wrap", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "word-wrap", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-core-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "word-wrap", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "word-wrap", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-06-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-26115\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26115"], "threat_severity": "Important", "upstream_fix": "word-wrap 1.2.4"}