Package impact
npm / moment
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-4055 | medium | 6.5 | 6.5 | 10y ago | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser… | |
| CVE-2022-31129 | unknown | — | — | 4y ago | Moment.js vulnerable to Inefficient Regular Expression Complexity | |
| CVE-2022-24785 | unknown | — | — | 4y ago | Path Traversal: 'dir/../../filename' in moment.locale | |
| CVE-2017-18214 | unknown | — | — | 8y ago | The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. |