CVE-2022-24785 @ Npm-moment-2.29.1

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2022-24785) about CVE-2022-24785
**Checkmarx Project:** [YSLCx/Github\_demo](https://ast.checkmarx.net/projects/f3e24e6d-f6bb-42db-8b51-bcec96c9232c/overview?branch=main)
**Repository URL:** [https://github.com/YSLCx/Github\_demo](https://github.com/YSLCx/Github_demo)
**Branch:** main
**Scan ID:** [f799fc13\-25e4\-479c\-a802\-e1aeacbb3e2d](https://ast.checkmarx.net/projects/f3e24e6d-f6bb-42db-8b51-bcec96c9232c/scans?id=f799fc13-25e4-479c-a802-e1aeacbb3e2d&branch=main)


----
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** NONE
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 2.29.4


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2022-24785 @ Npm-moment-2.29.1 #20

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2022-24785 @ Npm-moment-2.29.1 #20

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions