Nefarious Planetary Meddling
Severity: low

Regular Expression Denial of Service

moment

Overview

Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.

Remediation

Update to version 2.19.3 or later.

Advisory timeline

  1. published

    Advisory published
    Nov 27th, 2017
  2. reported

    Sep 21st, 2017