Regular Expression Denial of Service (ReDoS) vulnerability in moment

Open camgrimsec opened this issue 10 months ago • 0 comments

Introduced through [email protected]
Fixed in [email protected]

Exploit maturity
Proof of Concept

Detailed paths

Introduced through: @tryghost/[email protected][email protected][email protected]
Fix: No remediation path available. 

Security information
Factors contributing to the scoring:

Snyk: [CVSS 7.5](https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238) - High Severity
NVD: [CVSS 7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-31129) - High Severity

Overview

moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).

camgrimsec, Mar 31 '24 21:03