Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-1520

[MOMENT] CVE-2022-31129 | CWE-1333

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web UI

      Description

      CVE-2022-31129 | CWE-1333

      Severity : High

      moment is vulnerable to regular expression denial of service. The vulnerability exists due to the inefficient regex pattern used in the `preprocessRFC2822` function of `from-string.js`, allowing an attacker to crash the application by providing malicious inputs of more than 10k characters.

      Module : moment

      nuxeo-web-ui.zip#zip:node_modules:moment

      Current Version : 2.23.0

      Recommended Upgrade Version : 2.29.4 to 2.30.1

       

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: