Next Phenomenal Microbrewery
Severity: moderate

Regular Expression Denial of Service

date-and-time

Overview

date-and-time is a package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service.

Remediation

Upgrade to version version 0.14.2 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Dec 30th, 2020
  2. reported

    Reported by Anonymous
    Dec 30th, 2020