moment.js - Regular Expression Denial of Service Vulnerability

Impact area

Security

Severity

High

Affected element

UI Script (for ServiceNow)

Static Resource (for Salesforce)


Rule number

SN-JSL-017 (for ServiceNow)

SF-JSL-017 (for Salesforce)

Impact

moment.js is vulnerable to regular expression denial of service (ReDoS) when user input is passed unchecked into moment.duration(). A crafted input string that takes the parser's regular expression years to evaluate can be introduced, blocking the event loop for that period and causing the browser to hang.
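Updating the library is the fix; until that is done, the exposure described above is reduced by never handing untrusted input straight to the parser. The following is an added example written for this rule page, not code from moment.js or from ServiceNow/Salesforce: a guard placed in front of moment.duration() that caps input length and accepts only a strict ISO 8601 duration shape matched by a pattern with bounded quantifiers and no nested repetition, so its own matching cost stays linear. The 64-character cap, the 9-digit field limit and the `parseDuration` callback (standing in for the real moment.duration call so the file runs without moment installed) are assumptions; the pattern is deliberately narrower than what the library itself accepts.

```javascript
// Added example, not from the rule page or from moment.js: validate untrusted
// input before it reaches a duration parser such as moment.duration().
// Two defences that do not depend on the library version:
//   1. a hard length cap, so no single input can make any regex do unbounded work;
//   2. a strict ISO 8601 duration pattern with bounded quantifiers and no nested
//      or overlapping repetition, so matching cost is linear in the input length.

// Assumption: 64 characters is generous for any legitimate ISO 8601 duration.
const MAX_DURATION_LENGTH = 64;

// Each numeric field is capped at 9 digits (assumption). Groups are sequential
// and optional, never nested repetitions, so the engine cannot backtrack
// combinatorially on a hostile string.
const ISO_DURATION =
  /^[-+]?P(?:\d{1,9}Y)?(?:\d{1,9}M)?(?:\d{1,9}W)?(?:\d{1,9}D)?(?:T(?:\d{1,9}H)?(?:\d{1,9}M)?(?:\d{1,9}(?:[.,]\d{1,9})?S)?)?$/;

// Returns true only for a string that is short and has the strict duration shape.
function isSafeDurationInput(value) {
  if (typeof value !== 'string') return false;
  if (value.length > MAX_DURATION_LENGTH) return false;
  // A bare "P" or "PT" carries no fields; reject rather than let the parser guess.
  if (/^[-+]?PT?$/.test(value)) return false;
  return ISO_DURATION.test(value);
}

// Wrapper to place in front of moment.duration(). `parseDuration` is a
// hypothetical injected callback so this example runs with no library present;
// in a real UI Script or Static Resource it would be moment.duration.
function parseDurationChecked(value, parseDuration) {
  if (!isSafeDurationInput(value)) {
    throw new RangeError('rejected untrusted duration input');
  }
  return parseDuration(value);
}

// Constructed sample inputs: two well-formed durations, a malformed one, and an
// oversized string of the kind a ReDoS attempt would rely on.
const SAMPLES = [
  'PT15M',
  'P3Y6M4DT12H30M5S',
  'P0.5Y',
  'P'.padEnd(10000, '1'),
];

// Classifies every sample; useful as a quick self-check in a console.
function classifySamples(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s.length > 20 ? `${s.slice(0, 17)}...` : s,
    accepted: isSafeDurationInput(s),
  }));
}

console.table(classifySamples());
```

Because the guard runs before the library is invoked, the length cap alone bounds the work any version of the parser can be made to do per request; the strict pattern additionally rejects input that is not a duration at all, which is the class of input the affected parser choked on.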

Remediation

Update moment.js to the latest version.

Time to fix

30 min




Last modified on Sep 7, 2020