GMS-2020-550: Outdated Static Dependency in vue-moment

September 4, 2020 (updated October 4, 2021)

Versions of vue-moment contain an Outdated Static Dependency. The package depends on moment and has it loaded statically instead of as a dependency that can be updated. It has moment@2.19.1 that contains a Regular Expression Denial of Service vulnerability.

References

github.com/advisories/GHSA-hrpp-f84w-xhfg
github.com/brockpetrie/vue-moment/commit/a265e54660a7181a6795a12a97cebac5b305746e
snyk.io/vuln/SNYK-JS-VUEMOMENT-538934
www.npmjs.com/advisories/1425
www.npmjs.com/advisories/532

Detect and mitigate GMS-2020-550 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →