9 matches found
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Fedora 39 : python-nikola (2024-262ad83644)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-262ad83644 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Fedora 38 : python-nikola (2024-1eb20f8ec3)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.0 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.7.0 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
@allsource/ui.partials.navbar.navbar (>=0.0.15 <=0.0.53), @allsource/ui.partials.navbar.usericons (>=0.0.1 <=0.0.30) +220 more potentially affected by CVE-2023-22467 via luxon (>=3.0.0 <=3.2.0)
luxon NPM version =3.0.0, =0.0.15, =0.0.1, =5.17.1-login-manager.0, =1.0.0, =4.25.0, =0.13.47-alpha, =0.21.10-alpha, =2.0.0, =3.0.0, =3.0.0, =2.0.0, =0.3.2, =0.1.1, =13.0.0, =13.3.7 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
@918pixels/test (=1.1.1), @abt-desk/apm (>=0.0.25 <=0.33.12) +241 more potentially affected by CVE-2023-22467 via luxon (>=1.0.0 <=1.28.0)
luxon NPM version =1.0.0, =0.0.25, =1.0.0, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.3.0, =0.0.0-nightly-2021242250, =0.8.1, =0.12.4, =0.6.5, =0.12.0, =0.0.1, =1.0.9, =1.0.0, =1.0.9 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
@arcgis/core (>=4.21.0 <=4.25.0-next.20220711), @archimedes/arch (>=2.1.1-beta.1 <=2.2.0-beta.4) +185 more potentially affected by CVE-2023-22467 via luxon (>=2.0.1 <=2.5.0)
luxon NPM version =2.0.1, =4.21.0, =2.1.1-beta.1, =1.6.1, =2.1.0, =1.5.15, =0.1.0, =0.1.0, =0.0.0-nightly-2021812202, =0.10.592-alpha, =0.14.1021, =3.0.1, =3.2.7-alpha.6226622763, =1.4.48, =1.4.50 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
CVE-2023-22467
Luxon’s DateTime.fromRFC2822() on the 1.x branch before 1.38.1, the 2.x branch before 2.5.2, and the 3.x branch on 3.2.1 exhibits quadratic (N^2) complexity for some inputs, causing slowdowns for untrusted data (≈ >10k chars) and enabling (Re)DoS. Patches exist in 1.38.1, 2.5.2, and 3.2.1; a r...
CVE-2023-22467 luxon.js inefficient regular expression complexity vulnerability
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic N^2 complexity on some specific inputs. This causes a noticeable slowdown for inputs with...