The commit addressed the vulnerability by replacing the insecure regex-based trimming with a manual trimming function (`trimTabAndSpaces`). The vulnerable code path was reached when `options.trim=true`, where the regex `/[ \t]*$/gm` was applied with the global and multiline flags. The regex's greedy quantifier (`*`) on a character class with line endings creates exponential backtracking possibilities. The commit diff, the CVE description's reference to processing of the 'result variable', and Snyk's PoC all confirm this was the vulnerable code path.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| word-wrap | npm | < 1.2.4 | 1.2.4 |
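
A single-pass trim of the kind the fix describes, as an added example that is not the package's own code; the function names and sample strings are assumptions. It goes slightly beyond the page by also handling CRLF and the other line terminators that `$` treats as line ends under the `m` flag, and it compares its output with the regex on small constructed inputs only.

```javascript
// Added example, not word-wrap's code; all names below are hypothetical.

// Regex form quoted on the page, used here only as a reference on small inputs.
function trimWithRegex(text) {
  return text.replace(/[ \t]*$/gm, '');
}

// In multiline mode `$` matches before any of these, not just '\n'.
function isLineTerminator(ch) {
  return ch === '\n' || ch === '\r' || ch === '\u2028' || ch === '\u2029';
}

// Single forward pass: each character is inspected exactly once.
function trimTrailingTabsAndSpaces(text) {
  const parts = [];
  let lineStart = 0; // first character of the current line
  let keepEnd = 0;   // index just past the last character worth keeping
  for (let i = 0; i <= text.length; i++) {
    const atEnd = i === text.length;
    if (atEnd || isLineTerminator(text[i])) {
      parts.push(text.slice(lineStart, keepEnd));
      if (!atEnd) parts.push(text[i]); // keep the terminator itself
      lineStart = keepEnd = i + 1;
    } else if (text[i] !== ' ' && text[i] !== '\t') {
      keepEnd = i + 1;
    }
  }
  return parts.join('');
}

// Constructed samples covering LF, CRLF, blank lines and interior whitespace.
const SAMPLES = [
  '',
  'no trailing',
  'tabs\t\t\nspaces   \nmixed \t \t',
  'crlf line  \r\nnext\t\r\n',
  '   \n\t\n',
  'keep  inner \t gaps  ',
];

// Returns the samples on which the two implementations disagree.
function mismatches(samples) {
  return samples.filter((s) => trimWithRegex(s) !== trimTrailingTabsAndSpaces(s));
}

console.log('mismatches:', mismatches(SAMPLES).length);
```

Splitting on `'\n'` alone would leave whitespace in front of a `\r` untouched, which is why the comparison set includes a CRLF sample.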