Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WS-2022-0280 (High) detected in moment-timezone-0.5.34.tgz #2263

Closed
mend-for-github-com bot opened this issue Sep 2, 2022 · 0 comments · Fixed by #2361
Closed

WS-2022-0280 (High) detected in moment-timezone-0.5.34.tgz #2263

mend-for-github-com bot opened this issue Sep 2, 2022 · 0 comments · Fixed by #2361
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend

Comments

@mend-for-github-com
Copy link

mend-for-github-com bot commented Sep 2, 2022
edited
Loading

WS-2022-0280 - High Severity Vulnerability

Vulnerable Library - moment-timezone-0.5.34.tgz

Parse and display moments in any timezone.

Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.34.tgz

Dependency Hierarchy:

  • moment-timezone-0.5.34.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Command Injection in moment-timezone before 0.5.35.

Publish Date: 2022-08-30

URL: WS-2022-0280

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-56x4-j7p9-fcf9

Release Date: 2022-08-30

Fix Resolution: 0.5.35
@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Sep 2, 2022
@mend-for-github-com mend-for-github-com bot changed the title WS-2022-0280 (Medium) detected in moment-timezone-0.5.34.tgz WS-2022-0280 (High) detected in moment-timezone-0.5.34.tgz Sep 6, 2022
@noCharger noCharger mentioned this issue Sep 6, 2022
Closed
@ashwin-pc ashwin-pc mentioned this issue Sep 14, 2022
Merged
7 tasks
@kavilla kavilla linked a pull request Sep 15, 2022 that will close this issue
Bump moment-timezone from 0.5.34 to 0.5.37 #2361
Merged
7 tasks
kavilla pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
77b6068 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229 
 
### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
opensearch-trigger-bot bot pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc @github-actions
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
675f7f9 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
opensearch-trigger-bot bot pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc @github-actions
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
48b076b 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
opensearch-trigger-bot bot pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc @github-actions
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
f947025 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
opensearch-trigger-bot bot pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc @github-actions
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
9c40437 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
opensearch-trigger-bot bot pushed a commit that referenced this issue Sep 15, 2022
@ashwin-pc @github-actions
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361)
7f74efc 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
kavilla pushed a commit that referenced this issue Sep 15, 2022
@opensearch-trigger-bot @ashwin-pc
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2365)
df38cc3 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
ashwin-pc added a commit that referenced this issue Sep 15, 2022
@opensearch-trigger-bot @ashwin-pc
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2369)
92dd0b5 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
joshuarrrr pushed a commit that referenced this issue Sep 16, 2022
@opensearch-trigger-bot @ashwin-pc @kavilla
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2367)
28b37e7 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
ananzh pushed a commit that referenced this issue Sep 16, 2022
@opensearch-trigger-bot @ashwin-pc
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2368)
3acb92a 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
joshuarrrr pushed a commit that referenced this issue Sep 20, 2022
@opensearch-trigger-bot @ashwin-pc @kavilla
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2366)
34867ad 
### Description
Updates `moment-timezone`

Dependabot PR:
#2229

### Issues Resolved
#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this issue Sep 30, 2022
@ashwin-pc @joshuarrrr
Bump moment-timezone from 0.5.34 to 0.5.37 (opensearch-project#2361)
31ccd76 
Updates `moment-timezone`

Dependabot PR:
opensearch-project#2229

opensearch-project#2262
opensearch-project#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
joshuarrrr pushed a commit to joshuarrrr/OpenSearch-Dashboards that referenced this issue Sep 30, 2022
@ashwin-pc @joshuarrrr
Bump moment-timezone from 0.5.34 to 0.5.37 (opensearch-project#2361)
cb8bec4 
Updates `moment-timezone`

Dependabot PR:
opensearch-project#2229

opensearch-project#2262
opensearch-project#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
joshuarrrr added a commit that referenced this issue Sep 30, 2022
@joshuarrrr @ashwin-pc
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2476)
decb814 
Updates `moment-timezone`

Dependabot PR:
#2229

#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
kavilla pushed a commit that referenced this issue Oct 2, 2022
@joshuarrrr
Bump moment-timezone from 0.5.34 to 0.5.37 (#2361) (#2474)
3e3c484 
Updates `moment-timezone`

Dependabot PR:
#2229

#2262
#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)
pjfitzgibbons pushed a commit to pjfitzgibbons/OpenSearch-Dashboards that referenced this issue Oct 24, 2022
@opensearch-trigger-bot @ashwin-pc @kavilla
Bump moment-timezone from 0.5.34 to 0.5.37 (opensearch-project#2361) (o…
52c238b 
…pensearch-project#2366)

### Description
Updates `moment-timezone`

Dependabot PR:
opensearch-project#2229

### Issues Resolved
opensearch-project#2262
opensearch-project#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
(cherry picked from commit 77b6068)

Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com>
Co-authored-by: Kawika Avilla <kavilla414@gmail.com>
sipopo pushed a commit to sipopo/OpenSearch-Dashboards that referenced this issue Dec 16, 2022
@ashwin-pc @sipopo
Bump moment-timezone from 0.5.34 to 0.5.37 (opensearch-project#2361)
57ffa0f 
### Description
Updates `moment-timezone`

Dependabot PR:
opensearch-project#2229

### Issues Resolved
opensearch-project#2262
opensearch-project#2263

Signed-off-by: Ashwin Pc <ashwinpc@amazon.com>
Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Mend: dependency security vulnerability Security vulnerability detected by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump moment-timezone from 0.5.34 to 0.5.37 ashwin-pc/OpenSearch-Dashboards
0 participants