-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Vulnerability on moment.updateLocale #5914
Comments
Any comment on this issue? This is a high priority for us. |
tag @ichernev |
So if you have a java script array
May you elaborate what exactly is the issue here, because my simple mind can't comprehend it. |
Thanks for the reply. I am working with my internal open source team to understand better why they flagged this as a security issue. |
Looks like it was mitigated in later version of package. |
We have been flagged in multiple repos about the moment.updateLocale() function.
Guidance: - Calls to moment.updateLocale will slowly increase memory usage that is intentionally never freed, which can result in resource exhaustion.
It does not provide guidance on a particular version that this issue might have been fixed within. We are currently using 2.22.2.
Is there a version where this has been fixed? If not, is there a plan in place to address this issue?
The text was updated successfully, but these errors were encountered: