CVE-2017-18214 – moment

Package

Manager: npm
Name: moment
Vulnerable Version: >=0 <2.19.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00322 pctl0.54661

Details

Regular Expression Denial of Service in moment Affected versions of `moment` are vulnerable to a low severity regular expression denial of service when parsing dates as strings. ## Recommendation Update to version 2.19.3 or later.

Metadata

Created: 2018-03-05T18:35:09Z
Modified: 2021-08-31T21:44:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-446m-mv8f-q348/GHSA-446m-mv8f-q348.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-446m-mv8f-q348
Finding: F211
Auto approve: 1