Moment vulnerability CVE-2022-24785

Issue date: 29-06-2022
Affects versions: 15.0, 14.7, 13.4

Security Issue ID

SECURITY-318

Affected Product Version(s)

15.0.0, 13.4.17, 14.7.6 and all previous versions

Severity

high

Description

CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

Instructions

Update to the latest version.

Content Application

Channels

Projects

Relevance

Architecture

Concepts

Platform Configuration

Frontend Integration

Backend Development

Commerce Accelerator

Cloud Deployment (PaaS)

On-Premise Deployment

Security

Release Management

Platform Development

Bloomreach Documentation version

Moment vulnerability CVE-2022-24785