New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability in the moment module before 2.19.3 #126
Comments
Is this in reference to the change proposed in #125? |
Perhaps this is the same problem. |
That PR updates the yarn.lock to v2.24.0 https://github.com/brockpetrie/vue-moment/pull/125/files#diff-8ee2343978836a779dc9f8d6b794c3b2 |
We haven't released the new version yet |
ok, thanks |
v4.1.0 is out now and should include the latest version of |
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
https://www.cvedetails.com/cve/CVE-2017-18214/
The text was updated successfully, but these errors were encountered: