Describe the bug
When enabling the editable plugin, Moment.js version 2.18.1 is visible on the site with 1 known low vulnerability.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It used a regular expression (/[0-9]['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+|[\u0600-\u06FF\/]+(\s?[\u0600-\u06FF]+){1,2}/i) in order to parse dates specified as strings. This can cause a very low impact of about 2 seconds matching time for data 50k characters long.
To Reproduce
Steps to reproduce the behavior:
(There are a few methods but I have used Google Lighthouse)
Dokuwiki with the editable plugin installed using a Chromium-based browser.
Click F12
Scroll along the tabs to Lighthouse
Untick all bar 'Best Practices'
Click Generate Report
Scroll down to the bottom section which outlines Trust & Safety.
See vulnerability
Screenshots
Desktop:
OS: Windows 10
Browser: Google Chrome
Version: 86
Additional context
Further reading around the library: https://snyk.io/vuln/npm:moment?lh=2.18.1&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit
Version of Dokuwiki used: Release 2020-07-29 "Hogfather"
Installed version: 2020-08-12
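The Lighthouse finding above can also be checked from the server side by scanning a plugin's script files for a bundled Moment.js version. The following is an added example, not code from the report or from the plugin; the file names, the marker patterns and the demo threshold are constructed assumptions, and the real threshold should be the fixed version named in the linked advisory.

```javascript
// Added example: locate bundled Moment.js copies and flag old versions.
// The two marker patterns are assumptions about how Moment.js builds label
// themselves (banner comment, and a version property in minified builds).
const MARKERS = [
  /\/\/!\s*version\s*:\s*(\d+\.\d+\.\d+)/g,
  /\.version\s*=\s*["'](\d+\.\d+\.\d+)["']/g,
];

// Numeric comparison of dotted versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return the distinct version strings found in one script's text.
// Files that never mention "moment" are skipped to limit false positives;
// a concatenated bundle can still need a manual look.
function findMomentVersions(source) {
  if (!/moment/i.test(source)) return [];
  const found = new Set();
  for (const re of MARKERS) {
    for (const m of source.matchAll(re)) found.add(m[1]);
  }
  return [...found];
}

// files: { path: sourceText }. One result row per (file, version) pair.
function auditScripts(files, minVersion) {
  const rows = [];
  for (const [file, source] of Object.entries(files)) {
    for (const version of findMomentVersions(source)) {
      rows.push({ file, version, outdated: compareVersions(version, minVersion) < 0 });
    }
  }
  return rows;
}

// Constructed sample input (paths and contents are illustrative only).
const SAMPLE_FILES = {
  'plugin/vendor/moment.js': '//! moment.js\n//! version : 2.18.1\n//! license : MIT\n',
  'plugin/vendor/moment.min.js': '!function(a){a.version="2.18.1"}(moment);',
  'plugin/script.js': 'var app = {}; app.version = "1.0.0";',
};
// Constructed threshold for the demo; use the advisory's fixed version in practice.
const DEMO_MIN_VERSION = '2.18.2';
console.log(auditScripts(SAMPLE_FILES, DEMO_MIN_VERSION));
```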