TryGhost / migrate

MIT License

Regular Expression Denial of Service (ReDoS) vulnerability in moment #1030

Open camgrimsec opened 5 months ago

camgrimsec commented 5 months ago

Introduced through: ghost-ignition@4.6.3
Fixed in: moment@2.29.4

Exploit maturity
Proof of Concept

Detailed paths

Introduced through: @tryghost/mg-substack-members-csv@0.4.18 › ghost-ignition@4.6.3 › moment@2.27.0
Fix: No remediation path available. 

Security information

Factors contributing to the scoring:

Snyk: [CVSS 7.5](https://security.snyk.io/vuln/SNYK-JS-MOMENT-2944238) - High Severity
NVD: [CVSS 7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-31129) - High Severity

Why are the scores different? Learn how Snyk evaluates vulnerability scores

Overview

moment is a lightweight JavaScript date library for parsing, validating, manipulating, and formatting dates.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).