Описание
Outdated Static Dependency in vue-moment
Versions of vue-moment prior to 4.1.0 contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has moment@2.19.1 that contains a Regular Expression Denial of Service vulnerability.
Recommendation
Upgrade to version 4.1.0 or later.
Пакеты
Наименование
vue-moment
npm
Затронутые версииВерсия исправления
< 4.1.0
4.1.0
5.3 Medium
CVSS3
Дефекты
CWE-1104
5.3 Medium
CVSS3
Дефекты
CWE-1104