Vulnerability Database

296,746

Total vulnerabilities in the database

Moderate severity vulnerability that affects moment

Withdrawn, accidental duplicate publish.

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

Published: Jul 31, 2018
Updated: Apr 14, 2023
GHSA: GHSA-hxf5-mg84-pj4m
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
moment	-	2.11.2

No references available.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo