Security Dependency Update Moment.js to 2.29.4 in Nextcloud 24.0.4

[stondino00]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Nessus is reporting a security issue with Moment.js.

2.29.4
Release Jul 6, 2022
moment/moment#6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

Steps to reproduce

Just scanned with nessus

Expected behavior

Show current 2.29.4 version

Installation method

No response

Operating system

No response

PHP engine version

No response

Web server

No response

Database engine version

No response

Is this bug present after an update or on a fresh install?

No response

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

No response

List of activated Apps

Enabled:
  - activity: 2.16.0
  - admin_audit: 1.14.0
  - circles: 24.0.0
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - documentserver_community: 0.1.12
  - external: 4.0.0
  - federatedfilesharing: 1.14.0
  - files: 1.19.0
  - files_accesscontrol: 1.14.0
  - files_antivirus: 3.3.1
  - files_pdfviewer: 2.5.0
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - forms: 2.5.1
  - groupfolders: 12.0.1
  - guests: 2.2.0
  - impersonate: 1.11.0
  - keeweb: 0.6.9
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notes: 4.4.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - onlyoffice: 7.5.4
  - password_policy: 1.14.0
  - passwords: 2022.6.20
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - ransomware_protection: 1.13.0
  - recommendations: 1.3.0
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - socialsharing_email: 2.5.0
  - spreed: 14.0.3
  - systemtags: 1.14.0
  - tasks: 0.14.4
  - text: 3.5.1
  - twofactor_backupcodes: 1.13.0
  - twofactor_email: 2.5.0
  - twofactor_nextcloud_notification: 3.4.0
  - twofactor_totp: 6.4.0
  - twofactor_webauthn: 0.3.1
  - user_ldap: 1.14.1
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflowengine: 2.6.0
Disabled:
  - accessibility: 1.8.0
  - encryption
  - federation: 1.11.0
  - files_external: 1.7.0
  - firstrunwizard: 2.10.0
  - photos: 1.1.0
  - support: 1.4.0
  - survey_client: 1.9.0
  - theming: 1.13.0

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

[szaimen]

Hi, please update to 24.0.9 or better 25.0.3 and report back if it fixes the issue. Thank you!

My goal is to add a label like e.g. 25-feedback to this ticket of an up-to-date major Nextcloud version where the bug could be reproduced. However this is not going to work without your help. So thanks for all your effort!

If you don't manage to reproduce the issue in time and the issue gets closed but you can reproduce the issue afterwards, feel free to create a new bug report with up-to-date information by following this link: https://github.com/nextcloud/server/issues/new?assignees=&labels=bug%2C0.+Needs+triage&template=BUG_REPORT.yml&title=%5BBug%5D%3A+