This repository was archived by the owner on Jun 28, 2025. It is now read-only.
This repository was archived by the owner on Jun 28, 2025. It is now read-only.
[Bug] CVE-2023-26115 #579
Description
What version of vite are you using?
4.3.9
System info and storybook versions
System:
OS: macOS 13.4.1
CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Binaries:
Node: 20.2.0 - /usr/local/bin/node
Yarn: 1.22.19 - /usr/local/bin/yarn
npm: 9.6.6 - /usr/local/bin/npm
Browsers:
Chrome: 114.0.5735.198
Safari: 16.5.1
npmPackages:
@storybook/addon-essentials: ^7.0.24 => 7.0.24
@storybook/core-common: ^7.0.24 => 7.0.24
@storybook/core-server: ^7.0.24 => 7.0.24
@storybook/react-vite: ^7.0.24 => 7.0.24
Describe the Bug
$ yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ word-wrap vulnerable to Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ word-wrap │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react-vite │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @storybook/react-vite > @storybook/react > escodegen > │
│ │ optionator > word-wrap │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1092330 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Temp Solution before a fix for yarn in your package.json:
"resolutions": {
"**/optionator": "^0.9.3"
}Link to Minimal Reproducible Example
No response
Participation
- I am willing to submit a pull request for this issue.