Search CVE reports
1 – 4 of 4 results
CVE-2022-31129
Medium prioritySome fixes available 4 of 92
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...
11 affected packages
gnucash, mediawiki, node-moment, ntopng, odoo...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
node-moment | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
odoo | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
postfixadmin | Vulnerable | Fixed | Not affected | Not affected | Not affected |
ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24785
Medium prioritySome fixes available 3 of 6
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a...
2 affected packages
nikola, node-moment
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nikola | — | — | — | — | Vulnerable |
node-moment | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2017-18214
Low prioritySome fixes available 1 of 2
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
1 affected package
node-moment
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-moment | — | Not affected | Not affected | Not affected | Fixed |
CVE-2016-4055
Medium prioritySome fixes available 1 of 4
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
1 affected package
node-moment
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-moment | — | Not affected | Not affected | Not affected | Fixed |