moment

Regular Expression Denial of Service

Severity: low

Overview

Affected versions of moment are vulnerable to a low severity regular expression denial of service when parsing dates as strings.

Remediation

Update to version 2.19.3 or later.

Vulnerable versions

1.0.0
7 years ago
1.0.1
7 years ago
1.1.0
7 years ago
1.1.1
7 years ago
1.2.0
7 years ago
1.3.0
7 years ago
1.4.0
7 years ago
1.5.0
6 years ago
1.5.1
6 years ago
1.6.0
6 years ago
1.6.1
6 years ago
1.6.2
6 years ago
1.7.0
6 years ago
1.7.1
6 years ago
1.7.2
6 years ago
2.0.0
6 years ago
2.1.0
5 years ago
2.2.1
5 years ago
2.3.0
5 years ago
2.3.1
5 years ago
2.4.0
5 years ago
2.5.0
5 years ago
2.5.1
5 years ago
2.6.0
4 years ago
2.7.0
4 years ago
2.8.0
4 years ago
2.8.1
4 years ago
2.8.2
4 years ago
2.8.3
4 years ago
2.8.4
4 years ago
2.9.0
4 years ago
2.10.0
3 years ago
2.10.1
3 years ago
2.10.2
3 years ago
2.10.3
3 years ago
2.10.5
3 years ago
2.10.6
3 years ago
2.11.0
3 years ago
2.11.1
3 years ago
2.11.2
3 years ago
2.12.0
2 years ago
2.13.0
2 years ago
2.14.0
2 years ago
2.14.1
2 years ago
2.15.0
2 years ago
2.15.1
2 years ago
2.15.2
2 years ago
2.16.0
2 years ago
2.17.0
2 years ago
2.17.1
2 years ago
2.18.0
a year ago
2.18.1
a year ago
2.19.0
10 months ago
2.19.1
10 months ago
2.19.2
9 months ago

Unaffected versions

2.19.3
9 months ago
2.19.4
8 months ago
2.20.0
8 months ago
2.20.1
8 months ago
2.21.0
5 months ago
2.22.0
5 months ago
2.22.1
4 months ago
2.22.2
2 months ago

Advisory timeline

  1. Published

    Advisory published
    Nov 27th, 2017
  2. Reported

    Initial report by Cristian-Alexandru Staicu
    Sep 21st, 2017