
CVE-2022-31129 in moment transitive dependency

Open 3XC1T3D opened this issue 2 years ago • 0 comments

Hi,

file-stream-rotator has a transitive dependency "moment": "^2.29.1"

When we install it, 2.29.3 will be referenced, and here we have a CVE

┌───────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────┐
│        Library        │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                        Title                        │
├───────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────┤
│ moment (package.json) │ CVE-2022-31129 │ HIGH     │ 2.29.3            │ 2.29.4        │ Inefficient Regular Expression Complexity in moment │
│                       │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-31129          │
└───────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────┘

Is it possible for you to update the dependency?

Best Regards

3XC1T3D, Jul 07 '22 11:07
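
As an added example (not part of the original issue or the project's code), this sketch applies npm's caret-range rule to the three versions quoted in the report above, to check whether the fixed release already falls inside the declared range. The helper names are hypothetical, and it assumes every version below the fixed one is affected.

```javascript
// Parse a plain "major.minor.patch" string (no prerelease tags handled here).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: >= base and < the next bump of the
// left-most non-zero component of base.
function satisfiesCaret(range, version) {
  if (!range.startsWith("^")) throw new Error(`not a caret range: ${range}`);
  const base = parseVersion(range.slice(1));
  const v = parseVersion(version);
  let upper;
  if (base[0] > 0) upper = [base[0] + 1, 0, 0];
  else if (base[1] > 0) upper = [0, base[1] + 1, 0];
  else upper = [0, 0, base[2] + 1];
  return compare(v, base) >= 0 && compare(v, upper) < 0;
}

// Decide what a consumer can do about one scanner finding.
// Assumption: any installed version below `fixed` is affected.
function triage({ declared, installed, fixed }) {
  const vulnerable = compare(parseVersion(installed), parseVersion(fixed)) < 0;
  const fixInRange = satisfiesCaret(declared, fixed);
  let action;
  if (!vulnerable) action = "none";
  else if (fixInRange) action = "refresh-lockfile";
  else action = "needs-upstream-bump-or-override";
  return { vulnerable, fixInRange, action };
}

// Values taken from the scanner table in the issue.
const issue = { declared: "^2.29.1", installed: "2.29.3", fixed: "2.29.4" };
console.log(triage(issue));
```

When the fixed version is inside the declared range, re-resolving the lockfile entry for the transitive package picks it up without a change to the parent package's manifest.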