Description
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."