Description

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

Remediation

References

CVE-2017-18214

Related Vulnerabilities

WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)

ownCloud Improper Access Control Vulnerability (CVE-2016-9462)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1455)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3180)

WordPress 3.8.x Arbitrary File Deletion Vulnerability (3.8 - 3.8.26)

Severity

High

Classification

CVE-2017-18214 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities