CVE-2022-24785 Report - Details, Severity, & Advisories
Twingate Team
•
May 3, 2024
CVE-2022-24785 is a path traversal vulnerability with a severity rating of 7.5 (HIGH) according to CVSS Version 3.x, affecting Moment.js, a popular JavaScript date library. This vulnerability specifically impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1. Systems that use Moment.js in a server environment, particularly those that use user-provided locale strings to switch moment locale, are at risk. To mitigate this issue, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
How do I know if I'm affected?
If you're using Moment.js, a JavaScript date library, in a server environment and your version falls between 1.0.1 and 2.29.1, you might be affected by the vulnerability. This issue is particularly concerning if your system uses user-provided locale strings to switch moment locale. To check if you're affected, verify the version of Moment.js you're using and whether your system relies on user-provided locale strings.
What should I do if I'm affected?
If you're affected by the vulnerability, update Moment.js to version 2.29.2 or later. Additionally, sanitize user-provided locale names before passing them to Moment.js. This helps prevent path traversal issues and keeps your system secure.
Is cve-2022-24785 in CISA’s Known Exploited Vulnerabilities Catalog?
As of now, CVE-2022-24785 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as a path traversal issue, affects Moment.js, a JavaScript date library. To address this vulnerability, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22 and CWE-27, which is a path traversal issue in Moment.js affecting server users who rely on user-provided locale strings.
For more details
CVE-2022-24785 is a path traversal vulnerability affecting Moment.js, a widely used JavaScript date library. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2022-24785 Report - Details, Severity, & Advisories
Twingate Team
•
May 3, 2024
CVE-2022-24785 is a path traversal vulnerability with a severity rating of 7.5 (HIGH) according to CVSS Version 3.x, affecting Moment.js, a popular JavaScript date library. This vulnerability specifically impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1. Systems that use Moment.js in a server environment, particularly those that use user-provided locale strings to switch moment locale, are at risk. To mitigate this issue, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
How do I know if I'm affected?
If you're using Moment.js, a JavaScript date library, in a server environment and your version falls between 1.0.1 and 2.29.1, you might be affected by the vulnerability. This issue is particularly concerning if your system uses user-provided locale strings to switch moment locale. To check if you're affected, verify the version of Moment.js you're using and whether your system relies on user-provided locale strings.
What should I do if I'm affected?
If you're affected by the vulnerability, update Moment.js to version 2.29.2 or later. Additionally, sanitize user-provided locale names before passing them to Moment.js. This helps prevent path traversal issues and keeps your system secure.
Is cve-2022-24785 in CISA’s Known Exploited Vulnerabilities Catalog?
As of now, CVE-2022-24785 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as a path traversal issue, affects Moment.js, a JavaScript date library. To address this vulnerability, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22 and CWE-27, which is a path traversal issue in Moment.js affecting server users who rely on user-provided locale strings.
For more details
CVE-2022-24785 is a path traversal vulnerability affecting Moment.js, a widely used JavaScript date library. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
CVE-2022-24785 Report - Details, Severity, & Advisories
Twingate Team
•
May 3, 2024
CVE-2022-24785 is a path traversal vulnerability with a severity rating of 7.5 (HIGH) according to CVSS Version 3.x, affecting Moment.js, a popular JavaScript date library. This vulnerability specifically impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1. Systems that use Moment.js in a server environment, particularly those that use user-provided locale strings to switch moment locale, are at risk. To mitigate this issue, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
How do I know if I'm affected?
If you're using Moment.js, a JavaScript date library, in a server environment and your version falls between 1.0.1 and 2.29.1, you might be affected by the vulnerability. This issue is particularly concerning if your system uses user-provided locale strings to switch moment locale. To check if you're affected, verify the version of Moment.js you're using and whether your system relies on user-provided locale strings.
What should I do if I'm affected?
If you're affected by the vulnerability, update Moment.js to version 2.29.2 or later. Additionally, sanitize user-provided locale names before passing them to Moment.js. This helps prevent path traversal issues and keeps your system secure.
Is cve-2022-24785 in CISA’s Known Exploited Vulnerabilities Catalog?
As of now, CVE-2022-24785 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as a path traversal issue, affects Moment.js, a JavaScript date library. To address this vulnerability, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.
Weakness enumeration
The weakness enumeration for this vulnerability is categorized as CWE-22 and CWE-27, which is a path traversal issue in Moment.js affecting server users who rely on user-provided locale strings.
For more details
CVE-2022-24785 is a path traversal vulnerability affecting Moment.js, a widely used JavaScript date library. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.
Solutions
Solutions
The VPN replacement your workforce will love.
Solutions