CVE-2017-18214 - Update Moment dependency to ^2.19.3 or 2.29.1

rogerc / file-stream-rotator

NodeJS file stream rotator

MIT License

143 stars 69 forks source link

CVE-2017-18214 - Update Moment dependency to ^2.19.3 or 2.29.1 #85

Closed ddsharpe closed 2 years ago

ddsharpe commented 3 years ago

CVE-2017-18214. The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

rogerc commented 2 years ago

@ddsharpe thanks for raising. change has been committed and will be included in the next release.