NethCTI 3: upgrade moment.js dependency due to security vulnerability #5375
alepolidori
added
bug
A defect of the software
nethcti
Relative to NethCTI client or server
labels
Apr 10, 2018
alepolidori
changed the title
NethCTI 3: security dos vulnerability on moment library
NethCTI 3: upgrade moment.js dependency due to security vulnerability
Apr 10, 2018
On the client the lib is never used: I have removed it.
Note: requires update of client and server
How to test
alepolidori
pushed a commit
to nethesis/nethcti-server
that referenced
this issue
Apr 11, 2018
alepolidori
added a commit
to nethesis/nethcti-server
that referenced
this issue
Apr 11, 2018
SebastianMB-IT
added
verified
All test cases were verified successfully
and removed
testing
Packages are available from testing repositories
labels
Apr 11, 2018
Verified
Timestamp on the client is broken
Fixed
Description
Moment library is vulnerable to regular expression denial of service via a crafted date string.
Here is all the info: https://nvd.nist.gov/vuln/detail/CVE-2017-18214
Issue: moment/moment#4163
Todo
Update the library