Overview
date-and-time is a package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service.
Remediation
Upgrade to version version 0.14.2 or later.
Resources
Have content suggestions? Send them to [email protected]
Advisory timeline
published
Advisory PublishedDec 30th, 2020reported
Reported by AnonymousDec 30th, 2020
