14 matches found
SUSE CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...
Malicious code in momentjs-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f28c9895f79a0a36ce23a5aa43824f3819d75b0736b6650523b5f4dc6aa0babd The OpenSSF Package Analysis project identified 'momentjs-poc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
MAL-2025-6329 Malicious code in momentjs-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f28c9895f79a0a36ce23a5aa43824f3819d75b0736b6650523b5f4dc6aa0babd The OpenSSF Package Analysis project identified 'momentjs-poc' @ 1.0.1 npm as malicious. It is considered malicious because: - The package...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Vulnerabilities fixed in Tenable Nessus
Vulnerabilities have been fixed in Tenable Nessus. Nessus makes uses opensource products moment.js, expat, datatables, libxml2 and zlib. Tenable chose to upgrade these components to upgrade to address the potential impact of the issues. Tenable has issued updates to address the vulnerabilities. F...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Moment.js 资源管理错误漏洞
Moment.js is a JavaScript date library. It is used to parse, validate, manipulate and format dates. Moment.js has a security vulnerability that stems from the use of an inefficient parsing algorithm. Users passing user-supplied strings to the moment constructor without sound length checking are...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
[R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities
R1 Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities Arnie Cabral Tue, 04/19/2022 - 10:32 Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made...