WS-2016-0006 - Medium Severity Vulnerability
Parse, manipulate, and display dates.
path: /tmp/git/FinancialManager/web/assets/vendors/jqvmap/node_modules/moment/package.json
Library home page: http://registry.npmjs.org/moment/-/moment-2.0.0.tgz
Dependency Hierarchy:
Moment is vulnerable to regular expression denial of service when user input is passed unchecked into moment.duration(), blocking the event loop for a period of time.
Publish Date: 2016-01-26
URL: WS-2016-0006
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/55
Release Date: 2016-01-26
Fix Resolution: Please update to version 2.11.2 or greater. If you are unable to update, more information is available below.
A fix has been made available in a pull request. Do not allow untrusted user input into moment.duration(), or truncate the length of the allowed input to reduce blocking potential.
In moment.js, change line 1819 from
var aspNetRegex = /(\-)?(?:(\d*)[. ])?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?)?/;
to
var aspNetRegex = /^(\-)?(?:(\d*)[. ])?(\d+)\:(\d+)(?:\:(\d+)\.?(\d{3})?(?:\d*)?)?$/;