11 matches found
Astra Linux – Vulnerability in node-moment
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability affects users of Moment.js on npm server versions between 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch the moment locale...
EUVD-2022-1677
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in moment.js affects IBM Integrated Analytics System [CVE-2022-31129]
Summary The moment.js package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2022-31129. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: moment is a JavaScript date library for parsing, validating, manipulating, and formatti...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)
Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...
nodejs-moment: Regular expression denial of service
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
CVE-2022-24785 Path Traversal in Moment.js
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...
PT-2022-16878
Name of the Vulnerable Software and Affected Versions Moment.js versions 1.0.1 through 2.29.1 Description A path traversal vulnerability impacts npm server users of Moment.js, especially if a user-provided locale string is directly used to switch moment locale. This issue allows an unauthenticate...
Moment.js < 2.19.3 Regular Expression Denial of Service
According to its self-reported version number, Moment.js is prior to 2.19.3. Therefore, it may be affected by a regular expression denial of service vulnerability when parsing dates as string. Note that the scanner has not tested for these issues but has instead relied only on the application's...