JavaScript Moment.js Security Update Advisory (CVE-2022-24785)
Overview
An update has been made available to address a vulnerability in Moment.js, a JavaScript date library. Users of affected versions are advised to update to the latest version.
Affected Products
- Moment.js versions: 1.01 (inclusive) ~ 2.29.1 (excluded)
Resolved Vulnerabilities
CVE-2022-24785: Path Traversal Vulnerability in the Date Library (CVSS v3.1: 7.5 High; Registration Date: 2024.04.12)
A proof-of-concept (PoC) exploit [3] was recently released for this vulnerability; an update is required if you are using an older version.
Vulnerability Patches
Moment.js version: 2.29.2
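To check a project against this advisory, the following added example (not part of the original advisory or the Moment.js project) scans a parsed package-lock.json for every installed copy of moment, including nested transitive copies, and flags any that are older than the patched 2.29.2 release. The sample lockfile and its package names are constructed for illustration.

```javascript
const PATCHED = "2.29.2"; // patched release listed in this advisory

// Parse "major.minor.patch" into numbers; null for git URLs, tags, etc.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// "needs-update" if older than PATCHED, "ok" otherwise, "unknown" if unparseable.
function classify(version) {
  const v = parseVersion(version), p = parseVersion(PATCHED);
  if (!v) return "unknown";
  for (let i = 0; i < 3; i++) {
    if (v[i] !== p[i]) return v[i] < p[i] ? "needs-update" : "ok";
  }
  return "ok";
}

// Collect every installed copy of moment, including nested (transitive) ones.
function findMoment(lock) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Match the package directory exactly, so "moment-timezone" is not a hit.
      if (/(^|\/)node_modules\/moment$/.test(path)) hits.push({ path, version: meta.version });
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "moment") hits.push({ path, version: meta.version });
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits.map((h) => ({ ...h, status: classify(h.version) }));
}

// Constructed sample lockfile content (package names are illustrative only).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/moment": { version: "2.29.4" },
    "node_modules/legacy-reports/node_modules/moment": { version: "2.24.0" },
    "node_modules/moment-timezone": { version: "0.5.43" },
  },
};

console.log(findMoment(SAMPLE_LOCK));
```

Entries reported as "unknown" (for example, a dependency pinned to a git URL) need a manual check of the resolved version.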
Referenced Sites
[1] CVE-2022-24785 Detail
https://nvd.nist.gov/vuln/detail/cve-2022-24785
[2] Path Traversal: ‘dir/../../filename’ in moment.locale
https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
[3] How CVE-2022-24785 MomentJS Path Traversal Works: Detailed Exploit Guide
https://0xjay.com/how-cve-2022-24785-momentjs-path-traversal-works-detailed-exploit-guide