Back to bug 2216827

Who When What Removed Added
Anten Skrabec 2023-06-22 19:34:40 UTC CC aazores, adupliak, aileenc, alampare, alazarot, amctagga, aveerama, bdettelb, boliveir, cluster-maint, dcadzow, dhanak, dkenigsb, drichtar, dymurray, eaguilar, ebaron, ellin, emingora, eric.wittmann, fdeutsch, gjospin, gmalinko, gparvin, grafana-maint, gzaronik, hbraun, ibek, ibolton, idevat, janstey, jcantril, jkang, jkoehler, jkurik, jmatthew, jmontleo, jpallich, jpavlik, jrokos, jscotka, jshaughn, jwendell, kverlaen, lbacciot, mlisik, mnovotny, mpitt, mpospisi, nathans, nbecker, nboldt, njean, ocs-bugs, omular, oramraz, owatkins, pahickey, pantinor, pdelbell, pdrozd, peholase, periklis, pjindal, pskopek, rcernich, release-test-team, rgarg, rguimara, rjohnson, rowaters, saroy, scorneli, scox, sfroberg, sgott, shbose, slucidi, smullick, sseago, stcannon, sthorger, teagle, tojeline, twalsh, ubhargav
Anten Skrabec 2023-06-22 19:34:56 UTC Alias CVE-2023-26115 TRIAGE-CVE-2023-26115
Summary CVE-2023-26115 word-wrap: ReDoS TRIAGE-CVE-2023-26115 word-wrap: ReDoS
Anten Skrabec 2023-06-22 19:39:00 UTC Blocks 2216830
Anten Skrabec 2023-06-22 19:48:35 UTC Depends On 2216833, 2216831, 2216832, 2216837, 2216838, 2216840, 2216835, 2216839, 2216836, 2216842, 2216841, 2216834
Anten Skrabec 2023-06-22 19:50:21 UTC Depends On 2216844
Sandipan Roy 2023-06-23 04:38:36 UTC CC dfreiber, jburrell, rogbas, vkumar
Avinash Hanwate 2023-06-23 04:57:28 UTC Summary TRIAGE-CVE-2023-26115 word-wrap: ReDoS CVE-2023-26115 word-wrap: ReDoS
Doc Text Node.js word-wrap module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the result variable. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Alias TRIAGE-CVE-2023-26115 CVE-2023-26115
Avinash Hanwate 2023-06-23 04:58:07 UTC Depends On 2216896, 2216895, 2216894
Avinash Hanwate 2023-06-23 09:12:49 UTC Alias CVE-2023-26115 TRIAGE-CVE-2023-26115
Summary CVE-2023-26115 word-wrap: ReDoS word-wrap: ReDoS
Avinash Hanwate 2023-06-23 09:13:30 UTC Alias TRIAGE-CVE-2023-26115 CVE-2023-26115
Avinash Hanwate 2023-06-23 09:14:01 UTC Summary word-wrap: ReDoS CVE-2023-26115 word-wrap: ReDoS
RaTasha Tillery-Smith 2023-06-23 13:13:25 UTC Doc Text Node.js word-wrap module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the result variable. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Rodrigo A B Freire 2023-06-26 18:14:31 UTC CC acrosby, caswilli, dffrench, dhalasz, dkuc, fdupont, fjansen, hkataria, jmitchel, jtanner, kaycoth, kshier
CC , micjohns, mresvani, ngough, psegedy, rgodfrey, sthirugn, tcarlin, tkasparek, tsasak, vkrizan, vmugicag
Depends On 2217094
Flags needinfo?(pdelbell)
CC rfreire
Rodrigo A B Freire 2023-06-26 18:26:58 UTC Flags needinfo?(pdelbell) needinfo?(rfreire)
Rodrigo A B Freire 2023-06-26 19:46:40 UTC Flags needinfo?(rfreire)
CC rfreire
Red Hat Bugzilla 2023-07-07 08:33:57 UTC Assignee security-response-team nobody
Red Hat Bugzilla 2023-07-08 04:16:51 UTC CC acrosby
errata-xmlrpc 2023-07-12 17:58:11 UTC Link ID Red Hat Product Errata RHSA-2023:3998
Product Security DevOps Team 2023-07-12 22:21:21 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2023-07-12 22:21:21 UTC
Zack Miele 2023-07-25 19:55:13 UTC Fixed In Version word-wrap 1.2.4
Patrick Del Bello 2023-07-31 17:41:39 UTC Severity medium high
Priority medium high

Back to bug 2216827