[WEBUI-1521] [MOMENT] CVE-2022-24785 | CWE-22 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
[May 2024] Security fixes for Web UI third-party libraries
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-7

Description

CVE-2022-24785 | CWE-22

Severity : High

moment is vulnerable to path traversal. An attacker is able to access files outside the expected directory especially when a user-provided locale string is directly used to switch moment locale.

Current Version : 2.23.0

Recommended Upgrade Version : 2.29.4 to 2.30.1

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-05-14-18-25-47-678.png
101 kB
2024-05-14 12:55

Activity

People

Assignee:

Unassigned

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2024-05-14 12:22

Updated:

2024-06-06 08:59