Shopping Cart

No products in the cart.

Quality Clouds Community
Quality Clouds Community
View Categories

moment.js – Regular Expression Denial Of Service Vulnerability

Table of Contents
Impact Area

Security

 

 

 

Severity

High

 

 

 

Affected Element

ServiceNow

UI Script

Salesforce

Static Resource

Rule number #

SN-JSL-017 (for ServiceNow)

SF-JSL-017 (for Salesforce)

Impact #

moment.js is vulnerable to regular expression denial of service when user input is passed unchecked into moment.duration() blocking the event loop for a period of time. A regular expression string which takes years to evaluate can be introduced, causing the browser to hang.

Remediation #

Update moment.js to the latest version.

Time to fix

30 min

What are your Feelings

Powered by BetterDocs

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .