Lucene search

Veracode Vulnerability DatabaseVERACODE:28826

HistoryDec 28, 2020 - 5:41 a.m.

Regular Expression Denial Of Service (ReDoS)

2020-12-2805:41:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

date-and-time is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is possible due to an overly permissive regular expression, the parsing of certain date strings may lead to a denial of service.

CPENameOperatorVersion
date-and-timele0.14.1

CPE	Name	Operator	Version
	date-and-time	le	0.14.1

References

github.com/advisories/GHSA-r92x-f52r-x54g

github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a

github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g

www.npmjs.com/package/date-and-time

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:28826