Outdated Static Dependency in vue-moment
Moderate severity
GitHub Reviewed
Published
Sep 4, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 4, 2020
Last updated
Jan 9, 2023
Versions of
vue-moment
prior to 4.1.0 contain an Outdated Static Dependency. The package depends onmoment
and has it loaded statically instead of as a dependency that can be updated. It hasmoment@2.19.1
that contains a Regular Expression Denial of Service vulnerability.Recommendation
Upgrade to version 4.1.0 or later.
References