SPA-asp.net-api-vuejs-
SPA-asp.net-api-vuejs- copied to clipboard
WS-2016-0075 Medium Severity Vulnerability detected by WhiteSource
WS-2016-0075 - Medium Severity Vulnerability
Vulnerable Library - moment-2.12.0.tgz
Parse, validate, manipulate, and display dates
path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/hapi/node_modules/joi/node_modules/moment/package.json
Library home page: http://registry.npmjs.org/moment/-/moment-2.12.0.tgz
Dependency Hierarchy:
- prerender-spa-plugin-2.1.0.tgz (Root Library)
- hapi-13.2.2.tgz
- joi-8.0.4.tgz
- :x: moment-2.12.0.tgz (Vulnerable Library)
- joi-8.0.4.tgz
- hapi-13.2.2.tgz
Vulnerability Details
Regular expression denial of service vulnerability in the moment package, by using a specific 40 characters long string in the "format" method.
Publish Date: 2016-10-24
URL: WS-2016-0075
CVSS 2 Score Details (5.8)
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: https://github.com/moment/moment/commit/663f33e333212b3800b63592cd8e237ac8fabdb9
Release Date: 2016-10-24
Fix Resolution: Replace or update the following files: month.js, lt.js
Step up your Open Source Security Game with WhiteSource here