Search CVE reports


Toggle filters

1 – 4 of 4 results


CVE-2022-31129

Medium priority

Some fixes available 4 of 92

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

gnucash, mediawiki, node-moment, ntopng, odoo...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnucash Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
node-moment Not affected Fixed Fixed Fixed Needs evaluation
ntopng Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
odoo Needs evaluation Needs evaluation Not in release Not in release Not in release
omnidb Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
postfixadmin Vulnerable Fixed Not affected Not affected Not affected
ruby-momentjs-rails Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
sabnzbdplus Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syncthing Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 11 packages Show less packages

CVE-2022-24785

Medium priority

Some fixes available 3 of 6

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a...

2 affected packages

nikola, node-moment

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nikola Vulnerable
node-moment Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2017-18214

Low priority

Some fixes available 1 of 2

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

1 affected package

node-moment

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-moment Not affected Not affected Not affected Fixed
Show less packages

CVE-2016-4055

Medium priority

Some fixes available 1 of 4

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

1 affected package

node-moment

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-moment Not affected Not affected Not affected Fixed
Show less packages