Moment · Moment · CVE-2022-31129
**Name of the Vulnerable Software and Affected Versions**
moment versions prior to 2.29.4
**Description**
The issue stems from an inefficient parsing algorithm in the moment JavaScript date library, specifically in its string-to-date parsing and RFC 2822 parsing. On specific inputs the parser has quadratic complexity, which causes a noticeable slowdown for inputs above 10k characters. Applications that pass user-provided strings to the moment constructor without a length sanity check are vulnerable to (Re)DoS attacks.
**Recommendations**
For moment versions prior to 2.29.4, upgrade to version 2.29.4 or later.
As a temporary workaround, consider limiting the length of user input to something sane, like 200 characters or less, to minimize the risk of exploitation.
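The workaround above can be enforced with a small guard placed in front of the parser. This is an added example, not code from moment or from the advisory: `makeGuardedParser` and `parseUserDate` are hypothetical names, and a stand-in parser built on `Date` replaces moment so the block runs without it installed.

```javascript
// Cap taken from the advisory's workaround ("200 characters or less").
const MAX_DATE_INPUT_LENGTH = 200;

// makeGuardedParser is a hypothetical helper, not part of moment.
// `parse` must return a Date; with moment installed pass (s) => moment(s).toDate().
function makeGuardedParser(parse, maxLength = MAX_DATE_INPUT_LENGTH) {
  return function guardedParse(input) {
    // Query-string and JSON body parsers can hand over arrays or objects.
    if (typeof input !== 'string') {
      return { ok: false, reason: 'not-a-string' };
    }
    // The cheap length check runs before any trimming or parsing,
    // so oversized input never reaches the quadratic code path.
    if (input.length > maxLength) {
      return { ok: false, reason: 'too-long' };
    }
    const date = parse(input);
    if (!(date instanceof Date) || Number.isNaN(date.getTime())) {
      return { ok: false, reason: 'unparseable' };
    }
    return { ok: true, date };
  };
}

// Stand-in parser (assumption: used here instead of moment); it counts calls
// to show which inputs reach the parser at all.
let parserCalls = 0;
const countingParse = (s) => { parserCalls += 1; return new Date(s); };
const parseUserDate = makeGuardedParser(countingParse);

// Constructed sample inputs.
const samples = [
  '2022-07-06T12:00:00Z',   // normal request value
  'A'.repeat(50000),        // oversized value, rejected before parsing
  ['2022-07-06'],           // array from a repeated query parameter
  'not a date',             // short but invalid
];
const results = samples.map((s) => parseUserDate(s));
for (const r of results) {
  console.log(r.ok ? `ok ${r.date.toISOString()}` : `rejected: ${r.reason}`);
}
console.log(`parser invoked ${parserCalls} time(s)`);
```

The guard only limits how much work a request can trigger; upgrading to 2.29.4 or later remains the fix.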