CVE-2022-31129 – Inefficient Regular Expression Complexity in moment
https://notcve.org/view.php?id=CVE-2022-31129
06 Jul 2022 — moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment construc... • https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 • CWE-400: Uncontrolled Resource Consumption • CWE-1333: Inefficient Regular Expression Complexity
CVE-2022-24785 – Path Traversal in Moment.js
https://notcve.org/view.php?id=CVE-2022-24785
04 Apr 2022 — Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. • https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-27: Path Traversal: 'dir/../../filename'
CVE-2017-18214 – nodejs-moment: Regular expression denial of service
https://notcve.org/view.php?id=CVE-2017-18214
04 Mar 2018 — The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application r... • https://github.com/ossf-cve-benchmark/CVE-2017-18214 • CWE-400: Uncontrolled Resource Consumption