K000157365: Moment vulnerability CVE-2022-31129

Security Advisory Description moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, whi...

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

@conga/framework-dashboard (>=2.0.0 <=2.1.0), @dsbn/vue-auth (=0.0.1) +28 more potentially affected by unknown CVE via vue-moment (>=1.0.8 <=4.0.0)

vue-moment NPM version =1.0.8, =2.0.0, =1.0.3, =1.0.0, =1.0.40, =1.0.1, =0.0.1, =0.0.1, =6.1.0, =0.3.3, =0.1.2, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HRPP-F84W-XHFG...

111-react-simpleform (>=1.0.0 <=1.0.6), 2ch (>=0.1.0 <=0.1.3) +3833 more potentially affected by CVE-2017-18214 via moment (>=1.0.0 <=2.19.2)

moment NPM version =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.1, =0.0.2, =1.0.0-beta.1, =1.43.0, =1.70.1, =1.70.1, =1.85.3, =1.70.2, =1.0.0, =0.1.0, =0.2.3 and more Source cves: CVE-2017-18214 Source advisory: OSV:GHSA-446M-MV8F-Q348...

2ch (>=0.1.0 <=0.1.3), 3loc (>=0.2.0 <=0.4.0) +1296 more potentially affected by CVE-2016-4055 via moment (>=1.0.0 <=2.11.1)

moment NPM version =1.0.0, =0.1.0, =0.2.0, =0.0.13, =1.0.0, =0.2.11, =1.0.1, =1.0.33, =0.0.15, =1.2.6, =2.1.7 and more Source cves: CVE-2016-4055 Source advisory: OSV:GHSA-87VV-R9J6-G5QV...

PT-2017-4100

Name of the Vulnerable Software and Affected Versions moment versions prior to 2.19.3 Description The issue is related to a regular expression denial of service via a crafted date string. It allows a remote attacker to cause a denial of service. The vulnerability is associated with an uncontrolle...