CVE-2017-18214
nodejs-moment: Regular expression denial of service
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-11 First Exploit
- 2018-03-04 CVE Reserved
- 2018-03-04 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/moment/moment/issues/4163 | Issue Tracking | |
https://nodesecurity.io/advisories/532 | Not Applicable | |
URL | Date | SRC |
---|---|---|
https://github.com/ossf-cve-benchmark/CVE-2017-18214 | 2017-11-11 | |
https://www.tenable.com/security/tns-2019-02 | 2022-02-14 | |
https://access.redhat.com/security/cve/CVE-2017-18214 | 2023-01-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1553413 | 2023-01-31 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Momentjs | Moment | <= 2.19.2 | node.js | Affected |
Tenable | Nessus | <= 8.2.3 | - | Affected |