CVE-2017-18214

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions moment versions prior to 2.19.3

Description The issue is related to a regular expression denial of service via a crafted date string. It allows a remote attacker to cause a denial of service. The vulnerability is associated with an uncontrolled resource consumption.

Recommendations Update to version 2.19.3 or later. As a temporary workaround, consider restricting the use of date string parsing functionality in the moment module until a patch is available.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

AZL-32178

AZL-41019

BDU:2021-02952

CVE-2017-18214

GHSA-446M-MV8F-Q348

RHSA-2023:0552

RHSA-2023:0553

RHSA-2023:0554

USN-4786-1

Affected Products

Jira

Ubuntu

Moment

CVE-2017-18214

Weakness Enumeration

Related Identifiers

Affected Products

References · 26