jospaquim/MundoDePatitas

WS-2022-0284 (Critical) detected in moment-timezone-0.5.15.min.js

mend-bolt-for-github opened this issue · 0 comments

mend-bolt-for-github commented

WS-2022-0284 - Critical Severity Vulnerability

Vulnerable Library - moment-timezone-0.5.15.min.js

Parse and display moments in any timezone.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/moment-timezone/0.5.15/moment-timezone.min.js

Path to vulnerable library: /wwwroot/lib/countdown/moment-timezone.min.js

Dependency Hierarchy:

  • moment-timezone-0.5.15.min.js (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Cleartext Transmission of Sensitive Information in moment-timezone

Publish Date: 2022-08-30

URL: WS-2022-0284

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-v78c-4p63-2j6c

Release Date: 2022-08-30

Fix Resolution: moment-timezone - 0.5.35

Step up your Open Source Security Game with Mend here