Vulnerabilities > CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

Vulnerable Configurations

Part	Description	Count
Application	Momentjs Momentjs Moment 1.0.1 Momentjs Moment 1.1.0 Momentjs Moment 1.1.1 Momentjs Moment 1.1.2 Momentjs Moment 1.2.0 Momentjs Moment 1.3.0 Momentjs Moment 1.4.0 Momentjs Moment 1.5.0 Momentjs Moment 1.5.1 Momentjs Moment 1.6.0 Momentjs Moment 1.6.1 Momentjs Moment 1.6.2 Momentjs Moment 1.7.0 Momentjs Moment 1.7.1 Momentjs Moment 1.7.2 Momentjs Moment 2.0.0 Momentjs Moment 2.1.0 Momentjs Moment 2.2.0 Momentjs Moment 2.2.1 Momentjs Moment 2.3.0 Momentjs Moment 2.3.1 Momentjs Moment 2.4.0 Momentjs Moment 2.5.0 Momentjs Moment 2.5.1 Momentjs Moment 2.6.0 Momentjs Moment 2.7.0 Momentjs Moment 2.8.0 Momentjs Moment 2.8.1 Momentjs Moment 2.8.2 Momentjs Moment 2.8.3 Momentjs Moment 2.8.4 Momentjs Moment 2.9.0 Momentjs Moment 2.10.2 Momentjs Moment 2.10.3 Momentjs Moment 2.10.5 Momentjs Moment 2.10.6 Momentjs Moment 2.11.0 Momentjs Moment 2.11.1 Momentjs Moment 2.11.2 Momentjs Moment 2.12.0 Momentjs Moment 2.13.0 Momentjs Moment 2.14.0 Momentjs Moment 2.14.1 Momentjs Moment 2.14.2 Momentjs Moment 2.15.0 Momentjs Moment 2.15.1 Momentjs Moment 2.15.2 Momentjs Moment 2.16.0 Momentjs Moment 2.17.0 Momentjs Moment 2.17.1 Momentjs Moment 2.18.0 Momentjs Moment 2.18.1 Momentjs Moment 2.19.0 Momentjs Moment 2.19.1 Momentjs Moment 2.19.2 Momentjs Moment 2.19.3 Momentjs Moment 2.19.4 Momentjs Moment 2.20.0 Momentjs Moment 2.20.1 Momentjs Moment 2.21.0 Momentjs Moment 2.22.0 Momentjs Moment 2.22.1 Momentjs Moment 2.22.2 Momentjs Moment 2.23.0 Momentjs Moment 2.24.0 Momentjs Moment 2.25.0 Momentjs Moment 2.25.1 Momentjs Moment 2.25.2 Momentjs Moment 2.25.3 Momentjs Moment 2.26.0 Momentjs Moment 2.27.0 Momentjs Moment 2.28.0 Momentjs Moment 2.29.0 Momentjs Moment 2.29.1	75
Application	Tenable Tenable Tenable.Sc - Tenable Tenable.Sc 5.13.0 Tenable Tenable.Sc 5.14.0 Tenable Tenable.Sc 5.14.1 Tenable Tenable.Sc 5.16.0 Tenable Tenable.Sc 5.17.0 Tenable Tenable.Sc 5.18.0 Tenable Tenable.Sc 5.19.0 Tenable Tenable.Sc 5.19.1 Tenable Tenable.Sc 5.20.0 Tenable Tenable.Sc 5.20.1	11
Application	Netapp Netapp Active IQ -	1
OS	Fedoraproject Fedoraproject Fedora 35 Fedoraproject Fedora 36	2
OS	Debian Debian Debian Linux 10.0	1

Vulnerabilities > CVE-2022-24785 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-24785"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-24785