Regular Expression Denial of Service (ReDoS) - CVE-2023-26115

[tiagojufr]

Hello,

Today DependencyTrack found this vulnerability in my project.

The issue seems to come from this line.

I know this project hasn't been updated for some years, so should we expect a fix? This is a transitive dependency of eslint, so I believe this issue will get a lot of attention.

Thanks!

[aashutoshrathi]

What can be possible solution to not use regex?
As I understand all it has do with is the performance of regex, if there are any active maintainers, I can tak a stab on this one

[aashutoshrathi]

Please check this: #33

[SharpFu]

I also need you fix the issue for my project if you have free time. @jonschlinkert @hildjj
@toddself @zachhale
for eslint, there will throw a error:

[aashutoshrathi]

You can use this @SharpFu

[SharpFu]

@aashutoshrathi how to check it is ok or not. I have re-install ,but not found your package in node_modules

[aashutoshrathi]

@SharpFu you'll find the same folder word-wrap in node_modules.
But when you'll check the contents, it'll be from the forked package.