This repository has been archived by the owner on Apr 27, 2022. It is now read-only.
ng.theme.shared-4.4.4.tgz: 1 vulnerabilities (highest severity is: 7.5) #91
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Vulnerable Library - ng.theme.shared-4.4.4.tgz
Path to dependency file: /angular/package.json
Path to vulnerable library: /angular/node_modules/moment/package.json
Found in HEAD commit: 2f6811d1524ee5c5357ac1bc44db8755973358c4
Vulnerabilities
Details
CVE-2022-24785
Vulnerable Library - moment-2.29.1.tgz
Parse, validate, manipulate, and display dates
Library home page: https://registry.npmjs.org/moment/-/moment-2.29.1.tgz
Path to dependency file: /angular/package.json
Path to vulnerable library: /angular/node_modules/moment/package.json
Dependency Hierarchy:
Found in HEAD commit: 2f6811d1524ee5c5357ac1bc44db8755973358c4
Found in base branch: develop
Vulnerability Details
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Publish Date: 2022-04-04
URL: CVE-2022-24785
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8hfj-j24r-96c4
Release Date: 2022-04-04
Fix Resolution (moment): 2.29.2
Direct dependency fix Resolution (@abp/ng.theme.shared): 5.0.0-beta.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: