CVE-2020-26289

Опубликовано: 28 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.

Ссылки

https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
Patch
Third Party Advisory
https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
Third Party Advisory
https://www.npmjs.com/package/date-and-time
Product
Third Party Advisory
https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
Patch
Third Party Advisory
https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
Third Party Advisory
https://www.npmjs.com/package/date-and-time
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:date-and-time_project:date-and-time:*:*:*:*:*:node.js:*:*

Версия до 0.14.2 (исключая)

EPSS

Процентиль: 67%

0.00526

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2020-26289

CVSS3: 7.5

redhat

около 5 лет назад

GHSA-r92x-f52r-x54g

CVSS3: 7.5

github

около 5 лет назад

regular expression denial of service (ReDoS)

EPSS

Процентиль: 67%

0.00526

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400