CVE-2022-24785 Report - Details, Severity, & Advisories | Twingate (2024)

Table of Contents
How do I know if I'm affected? What should I do if I'm affected? Is cve-2022-24785 in CISA’s Known Exploited Vulnerabilities Catalog? Weakness enumeration For more details

CVE-2022-24785 is a path traversal vulnerability with a severity rating of 7.5 (HIGH) according to CVSS Version 3.x, affecting Moment.js, a popular JavaScript date library. This vulnerability specifically impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1. Systems that use Moment.js in a server environment, particularly those that use user-provided locale strings to switch moment locale, are at risk. To mitigate this issue, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.

How do I know if I'm affected?

If you're using Moment.js, a JavaScript date library, in a server environment and your version falls between 1.0.1 and 2.29.1, you might be affected by the vulnerability. This issue is particularly concerning if your system uses user-provided locale strings to switch moment locale. To check if you're affected, verify the version of Moment.js you're using and whether your system relies on user-provided locale strings.

See Also
CVE-2022-23529: Revocation of JsonWebToken VulnerabilityThe Top 10 Vulnerabilities of 2022: Mastering Vulnerability ManagementCVE-2022-32917 Report - Details, Severity, & Advisories | TwingateDecode JWT runtime error troubleshooting  |  Apigee  |  Google Cloud

What should I do if I'm affected?

If you're affected by the vulnerability, update Moment.js to version 2.29.2 or later. Additionally, sanitize user-provided locale names before passing them to Moment.js. This helps prevent path traversal issues and keeps your system secure.

Is cve-2022-24785 in CISA’s Known Exploited Vulnerabilities Catalog?

As of now, CVE-2022-24785 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as a path traversal issue, affects Moment.js, a JavaScript date library. To address this vulnerability, users should update to version 2.29.2 or sanitize user-provided locale names before passing them to Moment.js.

Weakness enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22 and CWE-27, which is a path traversal issue in Moment.js affecting server users who rely on user-provided locale strings.

See Also
Tableau : Security vulnerabilities, CVEs

For more details

CVE-2022-24785 is a path traversal vulnerability affecting Moment.js, a widely used JavaScript date library. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the resources listed below.

CVE-2022-24785 Report - Details, Severity, & Advisories | Twingate (2024)
Top Articles
6 fast and easy loans in Canada: Apply online
11 Best Free WordPress Themes in 2024 (Compared)
English Bulldog Puppies For Sale Under 1000 In Florida
Katie Pavlich Bikini Photos
Gamevault Agent
Pieology Nutrition Calculator Mobile
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Doby's Funeral Home Obituaries
Compare the Samsung Galaxy S24 - 256GB - Cobalt Violet vs Apple iPhone 16 Pro - 128GB - Desert Titanium | AT&T
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Craigslist Dog Kennels For Sale
Things To Do In Atlanta Tomorrow Night
Non Sequitur
Crossword Nexus Solver
How To Cut Eelgrass Grounded
Pac Man Deviantart
Alexander Funeral Home Gallatin Obituaries
Shasta County Most Wanted 2022
Energy Healing Conference Utah
Testberichte zu E-Bikes & Fahrrädern von PROPHETE.
Aaa Saugus Ma Appointment
Geometry Review Quiz 5 Answer Key
Icivics The Electoral Process Answer Key
Allybearloves
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Marquette Gas Prices
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Vera Bradley Factory Outlet Sunbury Products
Pixel Combat Unblocked
Cvs Sport Physicals
Mercedes W204 Belt Diagram
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Teenbeautyfitness
Where Can I Cash A Huntington National Bank Check
Topos De Bolos Engraçados
Sand Castle Parents Guide
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hello – Cornerstone Chapel
Stoughton Commuter Rail Schedule
Selly Medaline
Latest Posts
More than 4 in 10 U.S. workers don’t take all their paid time off 
Steam Support :: An unexpected error has occurred. Your purchase has not been completed.
Article information

Author: Pres. Lawanda Wiegand

Last Updated:

Views: 6019

Rating: 4 / 5 (71 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Pres. Lawanda Wiegand

Birthday: 1993-01-10

Address: Suite 391 6963 Ullrich Shore, Bellefort, WI 01350-7893

Phone: +6806610432415

Job: Dynamic Manufacturing Assistant

Hobby: amateur radio, Taekwondo, Wood carving, Parkour, Skateboarding, Running, Rafting

Introduction: My name is Pres. Lawanda Wiegand, I am a inquisitive, helpful, glamorous, cheerful, open, clever, innocent person who loves writing and wants to share my knowledge and understanding with you.