Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
History

Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-04-04T00:00:00

Updated: 2024-08-03T04:20:50.533Z

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-24785

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-04T17:15:07.583

Modified: 2024-11-21T06:51:05.483

Link: CVE-2022-24785

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-04-04T00:00:00Z

Links: CVE-2022-24785 - Bugzilla