SPA-asp.net-api-vuejs-

CVE-2017-18214 High Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 5 years ago • 0 comments

CVE-2017-18214 - High Severity Vulnerability

Vulnerable Library - moment-2.12.0.tgz

Parse, validate, manipulate, and display dates

path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/hapi/node_modules/joi/node_modules/moment/package.json

Library home page: http://registry.npmjs.org/moment/-/moment-2.12.0.tgz

Dependency Hierarchy:

  • prerender-spa-plugin-2.1.0.tgz (Root Library)
    • hapi-13.2.2.tgz
      • joi-8.0.4.tgz
        • moment-2.12.0.tgz (Vulnerable Library)

Vulnerability Details

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

Publish Date: 2018-03-04

URL: CVE-2017-18214

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Change files

Origin: https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb

Release Date: 2017-11-29

Fix Resolution: Replace or update the following files: regex.js, moment-with-locales.js, moment.js

