Moment.js Moment 2.3.0 for Node.js

CPE Details

Moment.js Moment 2.3.0 for Node.js
momentjs
moment
2.3.0
2019-06-11
16h49 +00:00
2022-06-03
15h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:momentjs:moment:2.3.0:*:*:*:*:node.js:*:*

Informations

Vendor

momentjs

Product

moment

Version

2.3.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-24785 2022-04-03 22h00 +00:00 Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
7.5
High
CVE-2017-18214 2018-03-04 20h00 +00:00 The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
7.5
High
CVE-2016-4055 2017-01-23 20h00 +00:00 The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
6.5
Medium