Moment Luxon vulnerabilities
2 known vulnerabilities affecting moment/luxon.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2023-22467HIGHCVSS 7.5v>= 1.0.0, < 1.38.1v>= 2.0.0, < 2.5.2+1 more2023-01-04
CVE-2023-22467 [HIGH] CWE-1333 luxon.js inefficient regular expression complexity vulnerability
luxon.js inefficient regular expression complexity vulnerability
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users pr
cvelistv5ghsaosv
CVE-2022-31129HIGHCVSS 7.5v>= 1.0.0, < 1.38.1v>= 2.0.0, < 2.5.2+1 more2022-07-06
CVE-2022-31129 [HIGH] CWE-400 CVE-2022-31129: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Aff
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may
nvd