26 matches found
Malicious code in luxon-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6cf8bc36e6ae424cba2eb02275c950a8211e5342252662276b2c53afa5c8255 The package luxon-js was found to contain malicious code. Source: ghsa-malware 4fc26738db6a8729f71b32abddd5b6da3cce0b05e304b180ed3915f6cd07f746 Any...
EUVD-2026-1971
Malicious code in luxon-js npm...
Malicious Package
Overview luxon-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
MAL-2026-228 Malicious code in luxon-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6cf8bc36e6ae424cba2eb02275c950a8211e5342252662276b2c53afa5c8255 The package luxon-js was found to contain malicious code. Source: ghsa-malware 4fc26738db6a8729f71b32abddd5b6da3cce0b05e304b180ed3915f6cd07f746 Any...
EUVD-2023-0326
Malicious code in bioql PyPI...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...
Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates
Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...
Fedora 39 : python-nikola (2024-262ad83644)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-262ad83644 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Fedora 38 : python-nikola (2024-1eb20f8ec3)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1eb20f8ec3 advisory. Update to the latest stable version: Features -------- Implement a new plugin manager from scratch to replace Yapsy, which does not work on Python 3.12 due t...
Security Bulletin: A vulnerability in Luxon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-22467)
Summary There is a vulnerability in Luxon used by IBM Robotic Process Automation as part of UI infrastructure which may result in a denial of service. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:CVE-2023-22467 DESCRIPTION:...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Moment CVE-2023-22467
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Moment CVE-2023-22467 with details below Vulnerability Details CVEID:CVE-2023-22467 DESCRIPTION: Moment.js Luxon is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: IBM App Connect Enterprise Certified Container flows that use scheduled event nodes may be vulnerable to denial of service due to [CVE-2023-22467]
Summary Node.js module moment.js Luxon is used by IBM App Connect Enterprise Certified Container in the scheduled event node. IBM App Connect Enterprise Certified Container IntegrationServer and DesignerAuthoring operands that run flows containing a scheduled event node may be vulnerable to denia...
CVE-2023-22467
A flaw was found in the luxon package, resulting in a regular expression denial of service. This issue could allow an attacker to craft and supply inputs above 10k characters, causing a denial of service...
GHSA-3XQ5-WJFH-PPJC Luxon Inefficient Regular Expression Complexity vulnerability
Impact Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...
@allsource/ui.partials.navbar.navbar (>=0.0.15 <=0.0.53), @allsource/ui.partials.navbar.usericons (>=0.0.1 <=0.0.30) +223 more potentially affected by CVE-2023-22467 via luxon (>=3.0.0 <=3.2.0)
luxon NPM version =3.0.0, =0.0.15, =0.0.1, =5.17.1-login-manager.0, =1.0.0, =4.25.0, =0.13.47-alpha, =0.21.10-alpha, =2.0.0, =3.0.0, =3.0.0, =2.0.0, =0.3.2, =0.1.1, =13.0.0, =13.3.7 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
@arcgis/core (>=4.21.0 <=4.25.0-next.20220711), @archimedes/arch (>=2.1.1-beta.1 <=2.2.0-beta.4) +184 more potentially affected by CVE-2023-22467 via luxon (>=2.0.1 <=2.5.0)
luxon NPM version =2.0.1, =4.21.0, =2.1.1-beta.1, =1.6.1, =2.1.0, =1.5.15, =0.1.0, =0.1.0, =0.0.0-nightly-2021812202, =0.10.592-alpha, =0.14.1021, =3.0.1, =3.2.7-alpha.6226622763, =1.4.41, =1.4.50 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
@918pixels/test (=1.1.1), @abt-desk/apm (>=0.0.25 <=0.33.12) +248 more potentially affected by CVE-2023-22467 via luxon (>=1.0.0 <=1.28.0)
luxon NPM version =1.0.0, =0.0.25, =1.0.0, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.0.1-alpha.27, =0.3.0, =0.0.0-nightly-2021242250, =0.8.1, =0.12.4, =0.6.5, =0.12.0, =0.0.1, =1.0.9, =1.0.0, =1.0.9 and more Source cves: CVE-2023-22467 Source advisory: OSV:GHSA-3XQ5-WJFH-PPJC...
Luxon Inefficient Regular Expression Complexity vulnerability
Impact Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...
Regular Expression Denial Of Service
luxon is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists via the replace parameter in regexParser.js, which does not properly handle user-untrusted data allowing the attacker to supply arbitrary input to the function, resulting in a system crash...
CVE-2023-22467
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with...