cbcvebase.

Debian Node-Moment vulnerabilities

4 known vulnerabilities affecting debian/node-moment.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH2LOW2

Vulnerabilities

Page 1 of 1
CVE-2022-24785P2HIGHCVSS 7.5Exploitedfixed in node-moment 2.29.2+ds-1 (bookworm)2022
CVE-2022-24785 [HIGH] CVE-2022-24785: node-moment - Moment.js is a JavaScript date library for parsing, validating, manipulating, an... Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all a
debian
CVE-2022-31129P3HIGHCVSS 7.5fixed in node-moment 2.29.4+ds-1 (bookworm)2022
CVE-2022-31129 [HIGH] CVE-2022-31129: node-moment - moment is a JavaScript date library for parsing, validating, manipulating, and f... moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a no
debian
CVE-2017-18214P3LOWCVSS 6.5fixed in node-moment 2.19.3+ds-1 (bookworm)2017
CVE-2017-18214 [MEDIUM] CVE-2017-18214: node-moment - The moment module before 2.19.3 for Node.js is prone to a regular expression den... The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. Scope: local bookworm: resolved (fixed in 2.19.3+ds-1) bullseye: resolved (fixed in 2.19.3+ds-1) forky: resolved (fixed in 2.19.3+ds-1) sid: resolved (fixed in 2.19.3+ds-1) trixie: resolved (fix
debian
CVE-2016-4055P4LOWCVSS 6.5fixed in node-moment 2.13.0+ds-1 (bookworm)2016
CVE-2016-4055 [MEDIUM] CVE-2016-4055: node-moment - The duration function in the moment package before 2.11.2 for Node.js allows rem... The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." Scope: local bookworm: resolved (fixed in 2.13.0+ds-1) bullseye: resolved (fixed in 2.13.0+ds-1) forky: resolved (fixed in 2.13.0+ds-1) sid: resolved
debian
Debian Node-Moment vulnerabilities | cvebase