Outdated Static Dependency Affecting vue-moment package, versions <4.1.0


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-VUEMOMENT-538934
  • published 23 Dec 2019
  • disclosed 23 Dec 2019
  • credit Marnix le Noble

Introduced: 23 Dec 2019

CVE NOT AVAILABLE CWE-1104 Open this link in a new tab

How to fix?

Upgrade vue-moment to version 4.1.0 or higher.

Overview

vue-moment is a Handy Moment.js filters for your Vue.js project.

Affected versions of this package are vulnerable to Outdated Static Dependency. The package depends on moment dependency and has it loaded statically instead of as a dependency that can be updated. It has moment@2.19.1 that contains a Regular Expression Denial of Service vulnerability (https://snyk.io/vuln/npm:moment:20170905).

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
5.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    Low