Describe the patch
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).
Current dependency
- Name: moment
- Version: 2.29.3
Optional - Remediation
- Name: moment
- Version: 2.29.4
Additional context
Links or documentation to the vulnerability or dependency update.
Describe the patch
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the preprocessRFC2822() function in from-string.js, when processing a very long crafted string (over 10k characters).
Current dependency
Optional - Remediation
Additional context
Links or documentation to the vulnerability or dependency update.