Описание
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Отчет
This issue affects the versions of momentjs as shipped with Red Hat Enterprise Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. In Quay 3.10 and above, no version of affected momentjs is present.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nodejs-moment | Affected | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Not affected | ||
| Red Hat Satellite 5 | momentjs | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 7 | nodejs-moment | Fixed | RHSA-2023:0556 | 31.01.2023 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hal-console | Fixed | RHSA-2023:0553 | 31.01.2023 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 | eap7-hal-console | Fixed | RHSA-2023:0554 | 31.01.2023 |
| Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 | eap7-hal-console | Fixed | RHSA-2023:0552 | 31.01.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
The moment module before 2.19.3 for Node.js is prone to a regular expr ...
EPSS
5.3 Medium
CVSS3