5 matches found
@conga/framework-dashboard (>=2.0.0 <=2.1.0), @dsbn/vue-auth (=0.0.1) +28 more potentially affected by unknown CVE via vue-moment (>=1.0.8 <=4.0.0)
vue-moment NPM version =1.0.8, =2.0.0, =1.0.3, =1.0.0, =1.0.40, =1.0.1, =0.0.1, =0.0.1, =6.1.0, =0.3.3, =0.1.2, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HRPP-F84W-XHFG...
Outdated Static Dependency in vue-moment
Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has [email protected] that contains a Regular Expression Denial of Service vulnerability. Recommendation Upgrade t...
GHSA-HRPP-F84W-XHFG Outdated Static Dependency in vue-moment
Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has [email protected] that contains a Regular Expression Denial of Service vulnerability. Recommendation Upgrade t...
Regular Expression Denial Of Service (ReDoS)
vue-moment is vulnerable to regular expression denial of service ReDoS attacks. These attacks are possible because it has a vulnerable static dependency which uses a flawed regular expression taking long time in matching dates for long strings...
Outdated Static Dependency
Overview Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has [email protected] that contains a Regular Expression Denial of Service vulnerability. Recommendation...