Noncommital Premarital Mischief
Severity: low

Regular Expression Denial of Service

moment

Overview

Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.

Remediation

Update to version 2.19.3 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Nov 27th, 2017
  2. reported

    Sep 21st, 2017