Inefficient Regular Expression Complexity Affecting grafana-mysql package, versions *
Threat Intelligence
EPSS
0.11% (46th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-GRAFANAMYSQL-5735267
- published 23 Jun 2023
- disclosed 22 Jun 2023
Introduced: 22 Jun 2023
CVE-2023-26115 Open this link in a new tabHow to fix?
There is no fixed version for Centos:8 grafana-mysql.
NVD Description
Note: Versions mentioned in the description apply only to the upstream grafana-mysql package and not the grafana-mysql package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
References
- https://access.redhat.com/security/cve/CVE-2023-26115
- https://github.com/jonschlinkert/word-wrap/blob/master/index.js%23L39
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657
- https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4
- https://security.netapp.com/advisory/ntap-20240621-0006/
CVSS Scores
version 3.1