WS-2016-0075 Medium Severity Vulnerability detected by WhiteSource #1144
Open
Description
WS-2016-0075 - Medium Severity Vulnerability
Vulnerable Library - moment-2.0.0.tgz
Parse, manipulate, and display dates.
path: /tmp/git/FinancialManager/web/assets/vendors/jqvmap/node_modules/moment/package.json
Library home page: http://registry.npmjs.org/moment/-/moment-2.0.0.tgz
Dependency Hierarchy:
- grunt-changelog-0.2.2.tgz (Root Library)
- ❌ moment-2.0.0.tgz (Vulnerable Library)
Vulnerability Details
Regular expression denial of service vulnerability in the moment package, by using a specific 40 characters long string in the "format" method.
Publish Date: 2016-10-24
URL: WS-2016-0075
CVSS 2 Score Details (5.8)
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: moment/moment@663f33e
Release Date: 2016-10-24
Fix Resolution: Replace or update the following files: month.js, lt.js
Step up your Open Source Security Game with WhiteSource here