Lucene search

K

Moment Security Vulnerabilities

cve
cve

CVE-2022-31129

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has...

7.5CVSS

7.5AI Score

0.003EPSS

2022-07-06 06:15 PM
411
In Wild
12
cve
cve

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

7.5CVSS

7.4AI Score

0.003EPSS

2022-04-04 05:15 PM
1209
In Wild
4
cve
cve

CVE-2017-18214

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than...

7.5CVSS

6.5AI Score

0.008EPSS

2018-03-04 09:29 PM
126
2
cve
cve

CVE-2016-4055

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service...

6.5CVSS

6.5AI Score

0.008EPSS

2017-01-23 09:59 PM
149
2