Description
Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.
Recommendation
Update the moment package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.19.3
- Patched version(s): 2.19.3
References
Related Issues
- Regular Expression Denial of Service in debug - CVE-2017-16137
- Regular Expression Denial of Service in marked (GHSA-x5pg-88wf-qq4p) - CVE-2017-16114
- Regular Expression Denial of Service in string package - CVE-2017-16116
- Regular Expression Denial of Service in timespan - CVE-2017-16115
- Tags:
- npm
- moment
Anything's wrong? Let us know Last updated on April 14, 2023