My Security Team has run a scan on this extension that I love and found that the moment.js version have critical security problems.
Vulnerability Details:
The Moment JavaScript library (moment.js) version 2.17.1 used in the plug-in is known to have two critical security vulnerabilities, as follows:
CVE-2017-18214: This vulnerability allows attackers to conduct remote code execution or cause a denial of service (DoS) attack by tricking the application into parsing crafted date strings. More details about this vulnerability can be viewed at the following link(https://security.snyk.io/vuln/npm:moment:20170905).
CVE-2022-24785: This vulnerability allows attackers to perform denial of service (DoS) attacks by passing specially crafted date strings to the application, causing unexpected behavior in the library. For further information, please refer (https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4).
Is there a way that this library can be updated so that I can get this past my security team?
My Security Team has run a scan on this extension that I love and found that the moment.js version have critical security problems.
Vulnerability Details: The Moment JavaScript library (moment.js) version 2.17.1 used in the plug-in is known to have two critical security vulnerabilities, as follows:
CVE-2017-18214: This vulnerability allows attackers to conduct remote code execution or cause a denial of service (DoS) attack by tricking the application into parsing crafted date strings. More details about this vulnerability can be viewed at the following link(https://security.snyk.io/vuln/npm:moment:20170905).
CVE-2022-24785: This vulnerability allows attackers to perform denial of service (DoS) attacks by passing specially crafted date strings to the application, causing unexpected behavior in the library. For further information, please refer (https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4).
Is there a way that this library can be updated so that I can get this past my security team?
Thanks in advance