Описание
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
A flaw was found in nodejs-date-and-time. In date-and-time there a regular expression involved in parsing which can be exploited to cause a denial of service.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1911627nodejs-date-and-time: ReDoS in parsing via date.compile
EPSS
Процентиль: 67%
0.00526
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
около 5 лет назад
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
EPSS
Процентиль: 67%
0.00526
Низкий
7.5 High
CVSS3