Closed ghsec closed 8 months ago
@ghsec Can you share the file, or is it confidential?
I did some updates to the detectors for moment.js. Maybe this goes away now.
Closing this. Let me know if the fixes didn't help.
@eoftedal thank you very much. I'll inform you if it is not fixed. I'll test it.
Retire.js version: (
retire --version
): 3.0.7node version: (
node --version
): 16Description: False positive detection of Momentjs CVE - cve-2022-24785
Expected behaviour: In this case No detection
Retire.js detected CVE-2022-24785 on a particular JavaScript file, which turned out to be a false positive. After analyzing the JavaScript file, it was found to contain the line Date(zc(c))})),e.version="2.29.4",n(Qo),e.fn=bn,e.min=ca, which led to the false positive detection.