SN-JSL-017 (for ServiceNow)
SF-JSL-017 (for Salesforce)
moment.js is vulnerable to regular expression denial of service when user input is passed unchecked into moment.duration() blocking the event loop for a period of time. A regular expression string which takes years to evaluate can be introduced, causing the browser to hang.
Update moment.js to the latest version.
Time to fix