USN-6550-1 postfixadmin vulnerabilities

It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. CVE-2022-29221 It was discovered that Moment.js, that is...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

GHSA-WC69-RHJR-HC9G Moment.js vulnerable to Inefficient Regular Expression Complexity

Impact using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has quadratic N^2 complexity on specific inputs noticeable slowdown is observed with inputs above 10k characters users who pass user-provided strings without sanity length checks to moment...

PT-2022-20550

Name of the Vulnerable Software and Affected Versions moment versions prior to 2.29.4 Description The issue is related to an inefficient parsing algorithm used in the moment JavaScript date library, specifically in the string-to-date parsing and rfc2822 parsing. This results in quadratic complexi...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...

DEBIAN-CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...

UBUNTU-CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...