CVE-2020-26289

Uncontrolled Resource Consumption in npm/date-and-time

Identifier

CVE-2020-26289

Package Slug

npm/date-and-time

Vulnerability

Uncontrolled Resource Consumption

Description

date-and-time is an npm package for manipulating date and time. In date-and-time, there a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed

Affected Versions

All versions before 0.14.2

Solution

Upgrade to version 0.14.2 or above.

Last Modified

2021-01-01

source