Description
This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg fr is directly used to switch moment locale.
Recommendation
Update the moment package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.29.2
- Patched version(s): 2.29.2
References
- GHSA-8hfj-j24r-96c4
- www.tenable.com
- lists.debian.org
- lists.fedoraproject.org
- security.netapp.com
- CVE-2022-24785
- CWE-22
- CWE-27
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- Rollup 4 has Arbitrary File Write via Path Traversal - CVE-2026-27606
- MJML vulnerable to path traversal - CVE-2020-12827
- Nuxt Devtools has a Path Traversal: '../filedir - CVE-2024-23657
- Path traversal vulnerability in gatsby-plugin-sharp - CVE-2023-30548
You might also like:
- Tags:
- npm
- moment
Anything's wrong? Let us know Last updated on November 04, 2025


