Launchpad CVE tracker

CVE 2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.

Related bugs and status

CVE-2022-24785 (Candidate) is related to these bugs:

Bug #1982617: Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129

		In	Importance	Status
1982617	Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129	node-moment (Ubuntu)	Undecided	Fix Released
1982617	Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129	node-moment (Ubuntu Focal)	Undecided	Fix Released
1982617	Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129	node-moment (Ubuntu Jammy)	Undecided	Fix Released
1982617	Versions in Bionic, Focal and Jammy are vulnerable to CVE-2022-24785 and CVE-2022-31129	node-moment (Ubuntu Bionic)	Undecided	Fix Released

Bug #1982670: Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic

		In	Importance	Status
1982670	Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic	jupyter-notebook (Ubuntu)	Undecided	Fix Released
1982670	Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic	Jupyter Notebook	Critical	Unknown
1982670	Multiple vulnerabilities in Bionic, Focal, Jammy and Kinetic	jupyter-notebook (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-24785

References