Lucene search
Veracode Vulnerability DatabaseVERACODE:38802HistoryJan 09, 2023 - 4:25 a.m.
Regular Expression Denial Of Service
2023-01-0904:25:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
28
luxon
regular expression denial of service
redos
regexparser.js
system crash
0.002 Low
EPSS
Percentile
61.1%
luxon is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists via the replace parameter in regexParser.js, which does not properly handle user-untrusted data allowing the attacker to supply arbitrary input to the function, resulting in a system crash.
References
github.com/moment/luxon/commit/204cdfe65e4a3f0e3a9d0d7489278152d2c51234
github.com/moment/luxon/commit/5ab3bf64a10da929a437629cdb2f059bb83212bf
github.com/moment/luxon/commit/612e0c778d2dedb947f3e5160c46601688ea4959
github.com/moment/luxon/security/advisories/GHSA-3xq5-wjfh-ppjc
github.com/moment/moment/pull/6015#issuecomment-1152961973
github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
Related
ibm
ibm
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Moment CVE-2023-22467
2023-03-20 18:15:15
fedora
fedora
[SECURITY] Fedora 39 Update: python-nikola-8.3.0-1.fc39
2024-02-12 02:44:19
[SECURITY] Fedora 38 Update: python-nikola-8.3.0-1.fc38
2024-02-12 01:52:24
redhatcve
redhatcve
CVE-2023-22467
2023-01-11 08:35:01
openvas
openvas
Fedora: Security Advisory for python-nikola (FEDORA-2024-1eb20f8ec3)
2024-02-12 00:00:00
Fedora: Security Advisory for python-nikola (FEDORA-2024-262ad83644)
2024-02-13 00:00:00
github
github
Luxon Inefficient Regular Expression Complexity vulnerability
2023-01-09 14:10:49
nessus
nessus
Fedora 38 : python-nikola (2024-1eb20f8ec3)
2024-02-11 00:00:00
Fedora 39 : python-nikola (2024-262ad83644)
2024-02-11 00:00:00
prion
prion
Input validation
2023-01-04 22:15:00
osv
osv
Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-07-06 18:38:49
CVE-2022-31129
2022-07-06 18:15:19
CVE-2023-22467
2023-01-04 22:15:09
cvelist
cvelist
cve
cve
CVE-2023-22467
2023-01-04 22:15:09
nvd
nvd
CVE-2023-22467
2023-01-04 22:15:09
redhat
redhat