Описание
Regular Expression Denial of Service in moment
Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.
Recommendation
Update to version 2.19.3 or later.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-18214
- https://github.com/moment/moment/issues/4163
- https://github.com/moment/moment/pull/4326
- https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb
- https://github.com/advisories/GHSA-446m-mv8f-q348
- https://www.npmjs.com/advisories/532
- https://www.tenable.com/security/tns-2019-02
Пакеты
moment
< 2.19.3
2.19.3
Связанные уязвимости
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
The moment module before 2.19.3 for Node.js is prone to a regular expr ...