- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 3.1.x, 3.0.x
- Component/s: UI
- Release Notes Summary: Moment package updated to latest version (2.30.1), resolving Veracode issues due to this library
- Tags:
- Sprint: UI - 2024-8
- Story Points: 5
CVE-2022-31129 | CWE-1333
Severity: High
moment is vulnerable to regular expression denial of service. The vulnerability exists due to the inefficient regex pattern used in the `preprocessRFC2822` function of `from-string.js`, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters.
Module: moment
nuxeo-web-ui.zip#zip:node_modules:moment
Current Version: 2.23.0
Recommended Upgrade Version: 2.29.4 to 2.30.1
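An added example (not part of the ticket or the Nuxeo code base): a Node.js check that walks an npm lockfile and reports every installed copy of moment older than 2.29.4, the lower bound of the recommended upgrade range above, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Lower bound of the upgrade range recommended in the ticket (2.29.4 to 2.30.1).
const FIXED = [2, 29, 4];

// Parse "2.23.0" into [major, minor, patch]; null when the string is not semver-like.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple v sorts strictly before floor.
function isBelow(v, floor) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false;
}

// Returns [{ path, version }] for every moment copy older than FIXED.
function findVulnerableMoment(lock) {
  const hits = [];
  const check = (path, version) => {
    const v = parseVersion(version);
    // Fail closed: an unparseable version is reported for manual review.
    if (v === null || isBelow(v, FIXED)) hits.push({ path, version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/moment$/.test(path)) check(path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'moment') check(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (v2 layout), not taken from nuxeo-web-ui.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app' },
    'node_modules/moment': { version: '2.23.0' },
    'node_modules/some-widget/node_modules/moment': { version: '2.30.1' },
    'node_modules/moment-timezone': { version: '0.5.43' },
  },
};
console.log(findVulnerableMoment(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerableMoment`.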
- is related to: WEBUI-1521 [MOMENT] CVE-2022-24785 | CWE-22 (Resolved)