PT-2020-16407 · Npm · Date-And-Time

Published: 2020-12-24 · Updated: 2020-12-30 · CVE-2020-26289

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

date-and-time versions prior to 0.14.2

Description

A regular expression used in parsing in the date-and-time npm package, a library for manipulating dates and times, can be exploited to cause a denial of service.

Recommendations

For versions prior to 0.14.2, update to version 0.14.2 to resolve the issue. As a temporary workaround, consider restricting the use of the parsing function that involves the vulnerable regular expression until a patch is applied.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2020-26289
GHSA-R92X-F52R-X54G

Affected Products

Date-And-Time