RetireJS / retire.js

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/
Other

Update jsrepository.json for Momentjs CVE-2022-31129 #391

Closed enggfraz closed 2 years ago

enggfraz commented 2 years ago

Moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).

eoftedal commented 2 years ago

Thanks!