CVE-2022-24785
published 2022-04-04
Priority P2 · 76 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 5.66% (92.0th percentile)
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | node-moment | < node-moment 2.29.2+ds-1 (bookworm) | node-moment 2.29.2+ds-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| ghost | ghost | >= 0 < 4.48.2 | 4.48.2 |
| ghost | ghost | >= 5.0.0 < 5.2.3 | 5.2.3 |
| moment | moment | — | — |
| moment | moment | >= 0 < 2.29.2 | 2.29.2 |
| momentjs | moment | >= 1.0.1 < 2.29.2 | 2.29.2 |
| tenable | tenable.sc | < 5.21.0 | 5.21.0 |
Detection & IOCs
- Detect vulnerable Moment.js versions (1.0.1 through 2.29.1) loaded in web applications; flag any version below 2.29.2 as potentially exploitable for path traversal via locale parameter
- Look for user-controlled input flowing into the Moment.js locale() function's name parameter on the server side — this is the specific taint path exploited by CVE-2022-24785
- Flag taint flows where a parameter named 'locale' (or similar) from an HTTP request reaches a file path resolution context in Node.js/npm server-side Moment.js usage
- Use Qualys WAS QID 151025 as a detection reference for identifying vulnerable Moment.js deployments associated with CVE-2022-24785
- Vulnerability only affects npm (server-side) users of Moment.js; client-side browser-only usage is not impacted by this path traversal
- Exploitation requires that a user-provided locale string is passed directly to Moment.js without sanitization; applications that sanitize locale input before passing it to Moment.js are not exploitable
- The vulnerability was not intentional but a consequence of sloppy coding practices — nothing in the API name or documentation signals the security-sensitive file path behavior, meaning many integrations may unknowingly pass untrusted data to the locale function
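The sanitization workaround and the version check listed above, as an added example (not code from Moment.js, Ghost or any advisory quoted on this page): a server-side gate that maps a request-supplied locale onto a fixed allowlist before it is handed to `moment.locale()`, plus the advisory's affected range as a function. `SUPPORTED_LOCALES`, `DEFAULT_LOCALE`, `resolveLocale` and `isAffectedMomentVersion` are hypothetical names, and the locale list is a constructed sample.

```javascript
// Added example. SUPPORTED_LOCALES is a constructed sample: list the locales
// your application actually ships, and nothing else.
const SUPPORTED_LOCALES = new Set(['en', 'en-gb', 'fr', 'de', 'pt-br', 'zh-cn']);
const DEFAULT_LOCALE = 'en';

// Shape of a locale name: short alphanumeric subtags joined by '-'.
// '/', '\', '.', '%' and NUL cannot match, so no path segment survives.
const LOCALE_SHAPE = /^[a-z]{1,8}(-[a-z0-9]{1,8}){0,3}$/;

// Returns a locale name that is safe to pass to moment.locale().
function resolveLocale(input) {
  // Query parsers can deliver arrays or objects (e.g. ?locale[]=fr): reject them.
  if (typeof input !== 'string' || input.length > 35) return DEFAULT_LOCALE;
  const name = input.trim().toLowerCase().replace(/_/g, '-');
  if (!LOCALE_SHAPE.test(name)) return DEFAULT_LOCALE;
  // Shape alone is not enough: only names on the allowlist get through.
  return SUPPORTED_LOCALES.has(name) ? name : DEFAULT_LOCALE;
}

// Affected range from the advisory: 1.0.1 through 2.29.1, fixed in 2.29.2.
// Returns true/false, or null when the version string cannot be parsed.
function isAffectedMomentVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return null; // unparseable: needs manual review
  const v = m.slice(1).map(Number);
  const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
  return cmp(v, [1, 0, 1]) >= 0 && cmp(v, [2, 29, 2]) < 0;
}

// Constructed inputs, including the traversal pattern named in the advisory title.
for (const raw of ['fr', 'PT_br', 'dir/../../filename', ['fr'], 'es']) {
  console.log(JSON.stringify(raw), '->', resolveLocale(raw));
}
```

In a request handler the call site becomes `moment.locale(resolveLocale(req.query.locale))`, so the library only ever sees a name from the allowlist.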
CVSS provenance
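| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| ghsa | — | 7.5 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vulncheck | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_oracle | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |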
OSV
node-moment vulnerabilities
osv·2022-08-10·CVSS 7.5
CVE-2022-24785 [HIGH] node-moment vulnerabilities
It was discovered that Moment.js incorrectly handled certain input paths. An
attacker could possibly use this issue to cause a loss of integrity by
changing the correct path to one of their choice. (CVE-2022-24785)
It was discovered that Moment.js incorrectly handled certain input. An attacker
could possibly use this issue to cause a denial of service. (CVE-2022-31129)
GHSA
Ghost vulnerable to remote code execution in locale setting change
ghsa·2022-06-17·CVSS 7.5
CVE-2022-24785 [HIGH] Ghost vulnerable to remote code execution in locale setting change
### Impact
A [vulnerability](https://www.cve.org/CVERecord?id=CVE-2022-24785) in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor.
### Patches
Fixed in 5.2.3, all 5.x sites should update as soon as possible.
Fixed in 4.48.2, all 4.x sites should update as soon as possible.
### Workarounds
Patched versions of Ghost add validation to the locale input to prevent execution of arbitrary files. Updating Ghost is the quickest complete solution.
As a workaround, if for any reason you cannot update your Ghost instance, you can block the `POST /ghost/api/admin/settings/` e
OSV
Path Traversal: 'dir/../../filename' in moment.locale
osv·2022-04-04
CVE-2022-24785 [HIGH] Path Traversal: 'dir/../../filename' in moment.locale
### Impact
This vulnerability impacts npm (server) users of moment.js, especially if a user-provided locale string, e.g. `fr`, is directly used to switch the moment locale.
### Patches
This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).
### Workarounds
Sanitize user-provided locale name before passing it to moment.js.
### References
_Are there any links users can visit to find out more?_
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [moment repo](https://github.com/moment/moment)
OSV
CVE-2022-24785: Moment
osv·2022-04-04·CVSS 7.5
CVE-2022-24785 [HIGH] CVE-2022-24785: Moment
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
GHSA
Path Traversal: 'dir/../../filename' in moment.locale
ghsa·2022-04-04
CVE-2022-24785 [HIGH] CWE-22 Path Traversal: 'dir/../../filename' in moment.locale
### Impact
This vulnerability impacts npm (server) users of moment.js, especially if a user-provided locale string, e.g. `fr`, is directly used to switch the moment locale.
### Patches
This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).
### Workarounds
Sanitize user-provided locale name before passing it to moment.js.
### References
_Are there any links users can visit to find out more?_
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [moment repo](https://github.com/moment/moment)
VulnCheck
momentjs moment Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2022·CVSS 7.5
CVE-2022-24785 [HIGH] momentjs moment Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Affected: momentjs moment
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cisa.gov/sit
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Moment.js) — CVE-2022-24785
vendor_oracle·2022-10-15·CVSS 7.5
CVE-2022-24785 [HIGH] Oracle Oracle Communications Risk Matrix: Configuration (Moment.js) — CVE-2022-24785
Oracle Oracle Communications Risk Matrix: Configuration (Moment.js) vulnerability
CVE: CVE-2022-24785
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2022 (OCT 2022)
Ubuntu
Moment.js vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 7.5
CVE-2022-31129 [HIGH] Moment.js vulnerabilities
Title: Moment.js vulnerabilities
Summary: Several security issues were fixed in Moment.js.
It was discovered that Moment.js incorrectly handled certain input paths. An
attacker could possibly use this issue to cause a loss of integrity by
changing the correct path to one of their choice. (CVE-2022-24785)
It was discovered that Moment.js incorrectly handled certain input. An attacker
could possibly use this issue to cause a denial of service. (CVE-2022-31129)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Moment.js: Path traversal in moment.locale
vendor_redhat·2022-04-04·CVSS 7.5
CVE-2022-24785 [HIGH] CWE-22 Moment.js: Path traversal in moment.locale
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a los
Debian
CVE-2022-24785: node-moment - Moment.js is a JavaScript date library for parsing, validating, manipulating, an...
vendor_debian·2022·CVSS 7.5
CVE-2022-24785 [HIGH] CVE-2022-24785: node-moment - Moment.js is a JavaScript date library for parsing, validating, manipulating, an...
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Scope: local
bookworm: resolved (fixed in 2.29.2+ds-1)
bullseye: resolved (fixed in 2.29.1+ds-2+deb11u1)
forky: resolved (fixed in 2.29.2+ds-1)
sid: resolved (fixed in 2.29.2+ds-1)
trixie: resolved (fixed in 2.29.2+ds-1)
No detection rules found.
No public exploits indexed.
Qualys
Detecting Vulnerabilities in JavaScript Libraries: jQuery & Bootstrap | Qualys
blogs_qualys·2023-01-16
JavaScript is a popular programming language and an integral component of interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handle complex web page elements, and enhance the overall functionality of the application. According to W3Techs statistics, 98% of all websites use JavaScript as their client-side programming language.
To further simplify the web development process and make it more efficient, web developers frequently use JavaScript libraries, collections of pre-written JavaScript code that can be easily integrated into application projects. These libraries can provide a
Qualys
Detection of Vulnerabilities in JavaScript Libraries
blogs_qualys·2023-01-16
JavaScript is a popular programming language and an integral component of interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handle complex web page elements, and enhance the overall functionality of the application. According to W3Techs statistics, 98% of all websites use JavaScript as their client-side programming language.
To further simplify the web development process and make it more efficient, web developers frequently use JavaScript libraries, collections of pre-written JavaScript code that can be easily integrated into application projects. These libraries can provide a variet
arXiv
Beware of the Unexpected: Bimodal Taint Analysis
arxiv_fulltext·2023-01-25
Beware of the Unexpected: Bimodal Taint Analysis
Authors: Yiu Wai Chow (University of Stuttgart, Stuttgart, Germany); Max Schäfer (GitHub, Oxford, UK); Michael Pradel (University of Stuttgart, Stuttgart, Germany; ORCID 0000-0003-1623-498X)
## Abstract
Static analysis is a powerful tool for detecting security vulnerabilities
and other programming problems. Global taint tracking, in particular, can
spot vulnerabilities arising from complicated data flow across multiple
functions. However, precisely identifying which flows are problematic is
challenging, and sometimes depends on factors beyond the reach of pure
program analysis, such as conventions and informal knowledge. For example,
learning that a parameter name of an API function locale e
- https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
- https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
- https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/
- https://security.netapp.com/advisory/ntap-20220513-0006/
- https://security.netapp.com/advisory/ntap-20241108-0002/
- https://www.tenable.com/security/tns-2022-09