CVE-2022-31129
- EPSS 4.18%
- Published 06.07.2022 18:15:19
- Last modified 21.11.2024 07:03:57
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rf...
CVE-2022-24785
- EPSS 0.61%
- Published 04.04.2022 17:15:07
- Last modified 21.11.2024 06:51:05
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string ...
CVE-2017-18214
- EPSS 0.32%
- Published 04.03.2018 21:29:00
- Last modified 21.11.2024 03:19:35
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVE-2016-4055
- EPSS 3.85%
- Published 23.01.2017 21:59:01
- Last modified 20.04.2025 01:37:25
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."