Fix word-wrap — CVE-2023-26115 HIGH
Fix CVE-2023-26115 (HIGH) in word-wrap for npm. Paste your package.json into PackageFix and get a patched version — no CLI, no signup. Redos in regular expression.
⚠ Vulnerability
CVE-2023-26115 (HIGH) — ReDoS in regular expression in word-wrap versions below 1.2.4.
Vulnerable Version — package.json
"word-wrap": "1.2.3"
Fixed Version — package.json
"word-wrap": "1.2.4"
✓ Fix
Update word-wrap to 1.2.4 or later. Run npm install to apply. Verify with your ecosystem's audit tool after updating.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2023-26115 |
| Severity | HIGH |
| Package | word-wrap (npm) |
| Vulnerable versions | Below 1.2.4 |
| Safe version | 1.2.4 |
| CISA KEV | — |
| Description | Redos in regular expression |
Frequently Asked Questions
What is CVE-2023-26115?
CVE-2023-26115 is a HIGH severity vulnerability in word-wrap (npm). It allows ReDoS in regular expression. Update to version 1.2.4 or later to fix it.
How do I fix CVE-2023-26115 in word-wrap?
Update word-wrap to version 1.2.4 in your package.json. Run npm install after updating to apply the fix.
Is CVE-2023-26115 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2023-26115?
Paste your package.json into PackageFix. If your installed version of word-wrap is below 1.2.4, you are affected. PackageFix shows the exact CVE ID and fix version.
What search queries does this page target?
This page covers: word-wrap CVE, word-wrap ReDoS, word-wrap vulnerability.