Uploaded image for project: 'Nuxeo Elements'
  1. Nuxeo Elements
  2. ELEMENTS-1752

[MOMENT] CVE-2022-31129 | CWE-1333

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.x, 3.0.x
    • Fix Version/s: 3.0.36, 3.1.12
    • Component/s: UI

      Description

      CVE-2022-31129 | CWE-1333

      Severity : High

      moment is vulnerable to regular expression denial of service. The vulnerability exists due to the inefficient regex pattern used in the `preprocessRFC2822` function of `from-string.js`, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters.

      Module : moment

      nuxeo-web-ui.zip#zip:node_modules:moment

      Current Version : 2.23.0

      Recommended Upgrade Version : 2.29.4 to 2.30.1

       

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 week, 4 days, 1 hour
                  1w 4d 1h
                  Remaining:
                  Time Spent - 1 week, 1 hour Remaining Estimate - 4 days
                  4d
                  Logged:
                  Time Spent - 1 week, 1 hour Remaining Estimate - 4 days
                  1w 1h