moment — CVE history (npm)
moment
4 CVEs affect the moment npm package (highest CVSS 7.5). Latest disclosed: 2022-07-06. Full CVE history sourced from NVD.
Summary
- Package
moment(npm)- Total CVEs
4- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2022-07-06
Recent CVEs (top 4)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-31129 | High | 7.5 | — | 2022-07-06 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. |
CVE-2022-24785 | High | 7.5 | — | 2022-04-04 | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. |
CVE-2017-18214 | High | 7.5 | — | 2018-03-04 | The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. |
CVE-2016-4055 | Medium | 6.5 | — | 2017-01-23 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." |
All-time worst (top 4 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-31129 | High | 7.5 | — | 2022-07-06 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. |
CVE-2022-24785 | High | 7.5 | — | 2022-04-04 | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. |
CVE-2017-18214 | High | 7.5 | — | 2018-03-04 | The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. |
CVE-2016-4055 | Medium | 6.5 | — | 2017-01-23 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." |