This repository has been archived by the owner on Jun 2, 2023. It is now read-only.
Cx62f5bb1b-fa5e @ Npm-moment-2.29.1 #4
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Vulnerable Package issue exists @ Npm-moment-2.29.1 in branch main
A Regular Expression Denial of Service (ReDoS) in moment 2.18 through 2.29.3 makes the server unavailable when a specially crafted input is provided to the default function moment(), which nearly matches the pattern being matched.
This will cause the regular expression matching to take a long time, all the while occupying the event loop and preventing it from processing other requests.
Namespace: yangricardo
Repository: nextjs-tailwind-reacthook-form-ant-design-template
Repository Url: https://github.com/yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST-Project: yangricardo/nextjs-tailwind-reacthook-form-ant-design-template
CxAST platform scan: 8fc1cf6c-819f-4734-b20d-87c2af04c0b2
Branch: main
Application: nextjs-tailwind-reacthook-form-ant-design-template
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.29.4
References
Issue
Commit
Pull request
Advisory
The text was updated successfully, but these errors were encountered: