Outdated Static Dependency Affecting vue-moment package, versions <4.1.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-VUEMOMENT-538934
- published 23 Dec 2019
- disclosed 23 Dec 2019
- credit Marnix le Noble
How to fix?
Upgrade vue-moment
to version 4.1.0 or higher.
Overview
vue-moment is a Handy Moment.js filters for your Vue.js project.
Affected versions of this package are vulnerable to Outdated Static Dependency. The package depends on moment
dependency and has it loaded statically instead of as a dependency that can be updated. It has moment@2.19.1
that contains a Regular Expression Denial of Service vulnerability (https://snyk.io/vuln/npm:moment:20170905).
References
CVSS Scores
version 3.1