3 matches found
SUSE CVE-2022-24785
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...
Moment.js: Path traversal in moment.locale
A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...
Moment.js 资源管理错误漏洞
Moment.js is a JavaScript date library. It is used to parse, validate, manipulate and format dates. Moment.js has a security vulnerability that stems from the use of an inefficient parsing algorithm. Users passing user-supplied strings to the moment constructor without sound length checking are...