The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
References
Configurations
History
07 Nov 2023, 02:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-01-23 21:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-4055
Mitre link : CVE-2016-4055
CVE.ORG link : CVE-2016-4055
JSON object : View
Products Affected
momentjs
- moment
tenable
- nessus
oracle
- primavera_unifier
CWE
CWE-400
Uncontrolled Resource Consumption