Search for packages
| purl | pkg:npm/moment@2.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-cjwf-nuwg-4yc2
Aliases: CVE-2017-18214 GHSA-446m-mv8f-q348 |
Uncontrolled Resource Consumption The moment module for `Node.js` is prone to a regular expression denial of service via a crafted date string. |
Affected by 2 other vulnerabilities. |
|
VCID-fg81-yqah-rbep
Aliases: GHSA-hxf5-mg84-pj4m |
Moderate severity vulnerability that affects moment Withdrawn, accidental duplicate publish. The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." |
Affected by 3 other vulnerabilities. |
|
VCID-gtht-4h82-pqg4
Aliases: GMS-2017-332 |
Regular Expression Denial of Service Moment is vulnerable to a low severity regular expression denial of service vulnerability. |
Affected by 2 other vulnerabilities. |
|
VCID-kexn-gjxj-uudm
Aliases: CVE-2022-24785 GHSA-8hfj-j24r-96c4 |
Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale. |
Affected by 1 other vulnerability. |
|
VCID-quy6-sg5w-qyhe
Aliases: CVE-2016-4055 GHSA-87vv-r9j6-g5qv |
Regular Expression Denial of Service in moment The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||