VYPR
High severityNVD Advisory· Published Dec 28, 2020· Updated Aug 4, 2024

Regular expression Denial of Service in date-and-time

CVE-2020-26289

Description

date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
date-and-timenpm
< 0.14.20.14.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.