CVE-2020-26289
HIGH
date-and-time < 0.14.2 - Denial of Service via Regular Expression Parsing
Title source: llm
Description
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
Patch, Third Party Advisory x_refsource_misc
https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/date-and-time
Scores
CVSS v3
7.5
EPSS
0.0215
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
date-and-time_project/date-and-time
< 0.14.2
npm/date-and-time
0 - 0.14.2
npm
Published
Dec 28, 2020
Tracked Since
Feb 18, 2026