CVE-2017-18214

moderate-risk

Published 2018-03-04

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

Do I need to act?

0.42% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Moment

Nessus

Affected Vendors

Tenable Momentjs

References (6)

Issue Tracking https://github.com/moment/moment/issues/4163

Not Applicable https://nodesecurity.io/advisories/532

Patch https://www.tenable.com/security/tns-2019-02

Issue Tracking https://github.com/moment/moment/issues/4163

Not Applicable https://nodesecurity.io/advisories/532

Patch https://www.tenable.com/security/tns-2019-02

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 7/34 · Low