npm package
moment
pkg:npm/moment
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31129 | — | | | >= 2.18.0, < 2.29.4 | 2.29.4 | Jul 6, 2022 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried |
| CVE-2022-24785 | — | | | < 2.29.2 | 2.29.2 | Apr 4, 2022 | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch mom |
| CVE-2017-18214 | — | | | < 2.19.3 | 2.19.3 | Mar 4, 2018 | The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. |
| CVE-2016-4055 | Med | 6.5 | | < 2.11.2 | 2.11.2 | Jan 23, 2017 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." |