CVE-2022-24785
Description
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
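One way to apply the workaround named above, shown as an added example that is not part of the original advisory or of Moment.js itself: a strict allowlist check run on the user-provided locale string before it reaches `moment.locale()`. The function name `sanitizeLocale`, the supported-locale set and the default are assumptions chosen for illustration.

```javascript
// Added example (not Moment.js code). SUPPORTED_LOCALES is a constructed
// sample; in a real service list only the locale files you actually ship.
const SUPPORTED_LOCALES = new Set(['en', 'en-gb', 'fr', 'de', 'pt-br']);
const DEFAULT_LOCALE = 'en';

// Moment locale keys are short lowercase tags such as "fr" or "pt-br".
// Anything containing '/', '\\', '.', NUL or other characters fails this shape.
const LOCALE_SHAPE = /^[a-z]{2,3}(-[a-z0-9]{2,8})*$/;

function sanitizeLocale(input, supported = SUPPORTED_LOCALES, fallback = DEFAULT_LOCALE) {
  // Reject non-strings (e.g. arrays from repeated query parameters) and
  // oversized values before doing any string work.
  if (typeof input !== 'string' || input.length > 35) return fallback;

  // Normalise common spellings: "pt_BR" -> "pt-br".
  const candidate = input.trim().toLowerCase().replace(/_/g, '-');
  if (!LOCALE_SHAPE.test(candidate)) return fallback;

  // Walk from the most specific tag to the least specific one and return
  // the first key that is on the allowlist ("en-gb-oxendict" -> "en-gb").
  const parts = candidate.split('-');
  while (parts.length > 0) {
    const key = parts.join('-');
    if (supported.has(key)) return key;
    parts.pop();
  }
  return fallback;
}

// Hypothetical call site: moment.locale(sanitizeLocale(userSuppliedLocale));
// The value handed to Moment.js is always a member of the allowlist,
// never the raw request string.
```

Because the return value is always a member of the allowlist or the default, the check stays useful as defence in depth after upgrading to 2.29.2.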
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 1.673
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.3.1) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (10.3.1) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows |
| Vulnerabilities CVE-2022-24785 are fixed in Nuget - Moment.js 2.29.2 | Windows |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) node-moment_2.20.1+ds-1ubuntu0.1_all.deb | Linux |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) node-moment_2.24.0+ds-2ubuntu0.1_all.deb | Linux |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) node-moment_2.29.1+ds-3ubuntu0.2_all.deb | Linux |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) libjs-moment_2.20.1+ds-1ubuntu0.1_all.deb | Linux |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) libjs-moment_2.24.0+ds-2ubuntu0.1_all.deb | Linux |
| Work with dates in JavaScript (Node.js module) (USN-5559-1) libjs-moment_2.29.1+ds-3ubuntu0.2_all.deb | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-ansible-6.0.28.3-1.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-base-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-base-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-common-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-common-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-debugsource-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-debugsource-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-fuse-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-fuse-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-grafana-dashboards-16.2.10-94.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-immutable-object-cache-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-immutable-object-cache-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-iscsi-3.6-1.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-mds-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-mib-16.2.10-94.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-mib-16.2.10-94.el9cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-radosgw-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-resource-agents-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-resource-agents-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-selinux-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix ceph-selinux-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix cephadm-16.2.10-94.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix cephadm-16.2.10-94.el9cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix cephfs-mirror-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix cephfs-top-16.2.10-94.el8cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix cephfs-top-16.2.10-94.el9cp.noarch.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libcephfs-devel-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libcephfs-devel-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libcephfs2-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libcephfs2-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librados-devel-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librados-devel-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librados2-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librados2-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libradospp-devel-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libradospp-devel-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libradosstriper1-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix libradosstriper1-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librbd-devel-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librbd-devel-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librbd1-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librbd1-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librgw-devel-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librgw-devel-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librgw2-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix librgw2-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-ceph-argparse-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-ceph-argparse-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-ceph-common-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-ceph-common-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-cephfs-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-cephfs-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rados-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rados-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rbd-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rbd-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rgw-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix python3-rgw-16.2.10-94.el9cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix rbd-mirror-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix rbd-nbd-16.2.10-94.el8cp.x86_64.rpm | Linux |
| (RHSA-2023:0076) Red Hat Ceph Storage 5.3 security update and Bug Fix rbd-nbd-16.2.10-94.el9cp.x86_64.rpm | Linux |
| Vulnerabilities CVE-2022-24785 are fixed in Nuget - Moment.js for Linux 2.29.2 | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |