[WEBUI-1521] [MOMENT] CVE-2022-24785 | CWE-22 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.x, 3.1.x
Fix Version/s: 3.0.36, 3.1.12
Component/s: Web UI

Release Notes Summary:
Moment package updated to latest version(2.30.1) resolving veracode issues due to this library
Epic Link:
[May 2024] Security fixes for Web UI third-party libraries
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-8
Story Points:
3

Description

CVE-2022-24785 | CWE-22

Severity : High

moment is vulnerable to path traversal. An attacker is able to access files outside the expected directory especially when a user-provided locale string is directly used to switch moment locale.

Current Version : 2.23.0

Recommended Upgrade Version : 2.29.4 to 2.30.1

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-08-21-10-34-12-408.png
28 kB
2024-08-21 05:04
image-2024-05-14-18-25-47-678.png
101 kB
2024-05-14 12:55

Issue Links

is related to

ELEMENTS-1752 [MOMENT] CVE-2022-31129 | CWE-1333

Resolved

Activity

People

Assignee:

Rahul Jain

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha, Rahul Jain

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2024-05-14 12:22

Updated:

2024-09-04 05:44

Resolved:

2024-08-21 05:05

Time Tracking

Estimated:

1w 5h

Remaining:

3d 3h

Logged:

2d 2h