SPA-asp.net-api-vuejs- icon indicating copy to clipboard operation
SPA-asp.net-api-vuejs- copied to clipboard

Published 20 hours ago verified publisher icon mubaidr

WS-2016-0075 Medium Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 5 years ago • 0 comments

WS-2016-0075 - Medium Severity Vulnerability

Vulnerable Library - moment-2.12.0.tgz

Parse, validate, manipulate, and display dates

path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/hapi/node_modules/joi/node_modules/moment/package.json

Library home page: http://registry.npmjs.org/moment/-/moment-2.12.0.tgz

Dependency Hierarchy:

  • prerender-spa-plugin-2.1.0.tgz (Root Library)
    • hapi-13.2.2.tgz
      • joi-8.0.4.tgz
        • :x: moment-2.12.0.tgz (Vulnerable Library)

Vulnerability Details

Regular expression denial of service vulnerability in the moment package, by using a specific 40 characters long string in the "format" method.

Publish Date: 2016-10-24

URL: WS-2016-0075

CVSS 2 Score Details (5.8)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: https://github.com/moment/moment/commit/663f33e333212b3800b63592cd8e237ac8fabdb9

Release Date: 2016-10-24

Fix Resolution: Replace or update the following files: month.js, lt.js

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Feb 11 '19 03:02 mend-bolt-for-github[bot]