Vulnerable Package issue exists @ Npm-moment-2.24.0 in branch master
A Regular Expression Denial of Service (ReDoS) in moment 2.18 through 2.29.3 makes the server unavailable when a specially crafted input is provided to the default function moment(), which nearly matches the pattern being matched.
This will cause the regular expression matching to take a long time, all the while occupying the event loop and preventing it from processing other requests.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 3f4864fd-127b-412c-8cca-4b4873ce2f29
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.29.4
References
Issue
Commit
Pull request
Advisory
Vulnerable Package issue exists @ Npm-moment-2.24.0 in branch master
A Regular Expression Denial of Service (ReDoS) in moment 2.18 through 2.29.3 makes the server unavailable when a specially crafted input is provided to the default function moment(), which nearly matches the pattern being matched.
This will cause the regular expression matching to take a long time, all the while occupying the event loop and preventing it from processing other requests.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 3f4864fd-127b-412c-8cca-4b4873ce2f29
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1333
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.29.4
References
Issue
Commit
Pull request
Advisory