Advisories for Npm/Moment-Timezone package

2022

Cleartext Transmission of Sensitive Information in moment-timezone

Impact

If Alice uses grunt data (or grunt release) to prepare a custom build of moment-timezone with the latest tzdata from IANA's website, and Mallory intercepts the request to IANA's unencrypted FTP server, Mallory can serve data that might exploit further stages of the moment-timezone tzdata pipeline, or potentially produce a tainted version of moment-timezone (the practicality of such attacks is not proven).

Patches

The problem has been patched in version 0.5.35; the patch should …