Vulnerability Description
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Date-And-Time Project | Date-And-Time | < 0.14.2 |
Related Weaknesses (CWE)
References
- https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb41PatchThird Party Advisory
- https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52Third Party Advisory
- https://www.npmjs.com/package/date-and-timeProductThird Party Advisory
- https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb41PatchThird Party Advisory
- https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52Third Party Advisory
- https://www.npmjs.com/package/date-and-timeProductThird Party Advisory
FAQ
What is CVE-2020-26289?
CVE-2020-26289 is a vulnerability with a CVSS score of 7.5 (HIGH). date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of se...
How severe is CVE-2020-26289?
CVE-2020-26289 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26289?
Check the references section above for vendor advisories and patch information. Affected products include: Date-And-Time Project Date-And-Time.