The duration function in the moment package prior to 2.11.2 for Node.js allows remote malicious users to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
momentjs moment |
||
tenable nessus |
||
oracle primavera unifier |