CVE-2016-4055

MEDIUM

moment <2.11.2 - DoS

Title source: llm

Description

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

References (9)

Scores

CVSS v3 6.5
EPSS 0.0405
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-400
Status published

Affected Products (5)

momentjs/moment < 2.11.2
tenable/nessus < 8.2.3
oracle/primavera_unifier < 18.8.4
npm/moment < 2.11.2npm
n/a/n/a

Timeline

Published Jan 23, 2017
Tracked Since Feb 18, 2026