Back to bug 2072009
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Vipul Nair | 2022-04-05 12:06:20 UTC | CC | aboyko, afm404, agerstmayr, aileenc, alazarot, amackenz, amasferr, amctagga, amuller, anpicker, anstephe, aoconnor, aos-bugs, asoldano, bbaranow, bbuckingham, bcourt, bdettelb, bmaxwell, bmontgom, bniver, boliveir, brian.stansberry, btotty, cdewolf, chazlett, cheese, darran.lofthouse, dkreling, dosoudil, drieden, eglynn, ehelms, emingora, eparis, eric.wittmann, erooth, etamir, etirelli, extras-orphan, fboucher, fjuma, flucifre, ggaughan, gmalinko, gmeno, go-sig, gparvin, grafana-maint, hbraun, huzaifas, ibek, iweiss, janstey, jburrell, jhadvig, jjoyce, jkozol, jkurik, jnethert, jochrist, jokerman, jramanat, jrokos, jschatte, jsherril, jstastny, jstephen, jwendell, jwon, krathod, ksurma, kverlaen, ldap-maint, lemenkov, lgao, lhh, lzap, madam, mail, mattias.ellert, mbenjamin, mburns, mgoodwin, mhackett, mhroncok, mhulan, michal.skrivanek, mkudlej, mmccune, mnovotny, mosmerov, mperina, msochure, msvehla, muagarwa, mwringe, myarboro, nathans, nbecker, njean, nmoumoul, nonamedotc, nstielau, nwallace, ocs-bugs, omachace, openstack-sig, orabin, ovanders, pabelanger, pahickey, pantinor, pcreech, pdelbell, pdrozd, pjindal, ploffay, pmackay, python-sig, rareddy, rcernich, rchan, rebus, rguimara, rrajasek, rstancel, rsvoboda, sbonazzo, scorneli, smaestri, sostapov, spasquie, sponnaga, spoore, spower, stcannon, sthorger, stjepan.gros, tjochec, tm, tom.jenkinson, tzimanyi, vereddy, xavier, yselkowi, zebob.m | |
| Vipul Nair | 2022-04-05 13:46:49 UTC | Blocks | 2072047 | |
| Vipul Nair | 2022-04-05 13:47:38 UTC | Summary | CVE-2022-24785 Moment.js: Path traversal in in moment.locale | CVE-2022-24785 Moment.js: Path traversal in moment.locale |
| Avinash Hanwate | 2022-04-07 04:21:32 UTC | Severity | high | medium |
| Priority | high | medium | ||
| Avinash Hanwate | 2022-04-07 04:23:32 UTC | Depends On | 2072837 | |
| Borja Tarraso | 2022-04-07 10:42:10 UTC | Depends On | 2072950, 2072954, 2072949, 2072952, 2072947, 2072948, 2072951, 2072953, 2072944, 2072946, 2072945 | |
| Vipul Nair | 2022-04-11 10:07:29 UTC | Depends On | 2073996 | |
| Anten Skrabec | 2022-04-13 21:54:24 UTC | CC | decathorpe | |
| Anten Skrabec | 2022-04-13 21:58:07 UTC | Depends On | 2075275, 2075260, 2075265, 2075274, 2075261, 2075283, 2075252, 2075262, 2075268, 2075302, 2075279, 2075287, 2075269, 2075271, 2075253, 2075281, 2075273, 2075304, 2075255, 2075289, 2075264, 2075306, 2075295, 2075297, 2075263, 2075266, 2075301, 2075270, 2075292, 2075267, 2075299, 2075256, 2075277, 2075254, 2075257, 2075259, 2075258, 2075272, 2075285 | |
| Anten Skrabec | 2022-04-13 21:58:26 UTC | Depends On | 2075294, 2075291, 2075314 | |
| Anten Skrabec | 2022-04-13 21:59:24 UTC | Depends On | 2075280, 2075325, 2075309, 2075305, 2075332, 2075316, 2075308, 2075330, 2075293, 2075282, 2075329, 2075331, 2075321, 2075296, 2075315, 2075313, 2075276, 2075312, 2075318, 2075286, 2075298, 2075324, 2075303, 2075317, 2075278, 2075327, 2075300, 2075322, 2075326, 2075310, 2075323, 2075311, 2075288, 2075307, 2075284, 2075328, 2075319, 2075320, 2075290 | |
| Yaakov Selkowitz | 2022-04-18 15:14:39 UTC | CC | yselkowi | |
| Red Hat Bugzilla | 2022-04-19 04:39:01 UTC | CC | ggaughan | |
| Kevin Cormier | 2022-04-21 18:39:00 UTC | Depends On | 2076839 | |
| Depends On | 2076840 | |||
| Depends On | 2077628 | |||
| Sandipan Roy | 2022-04-28 06:21:48 UTC | Depends On | 2077700 | |
| Depends On | 2077706 | |||
| Depends On | 2078007 | |||
| Doc Text | A path traversal vulnerability impacts npm (server) users of Moment.js, especially if a user-provided locale string is directly used to switch moment locale. | |||
| Sandipan Roy | 2022-04-28 06:22:23 UTC | Depends On | 2079699 | |
| RaTasha Tillery-Smith | 2022-04-28 13:23:26 UTC | Doc Text | A path traversal vulnerability impacts npm (server) users of Moment.js, especially if a user-provided locale string is directly used to switch moment locale. | A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale. |
| Sage McTaggart | 2022-04-29 15:14:09 UTC | Depends On | 2080407, 2080409, 2080410, 2080408 | |
| Sage McTaggart | 2022-04-29 20:53:54 UTC | Depends On | 2080506 | |
| Sage McTaggart | 2022-04-29 20:54:08 UTC | Depends On | 2080508 | |
| Sage McTaggart | 2022-04-29 20:58:33 UTC | Depends On | 2080510 | |
| Sage McTaggart | 2022-04-29 21:08:20 UTC | Doc Text | A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale. | A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity. |
| Fixed In Version | moment v 2.29.2 | |||
| errata-xmlrpc | 2022-05-03 16:44:01 UTC | Link ID | Red Hat Product Errata RHSA-2022:1681 | |
| errata-xmlrpc | 2022-05-05 02:39:20 UTC | Link ID | Red Hat Product Errata RHSA-2022:1715 | |
| Product Security DevOps Team | 2022-05-05 09:45:26 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-05-05 09:45:26 UTC | |||
| Avinash Hanwate | 2022-05-18 07:57:50 UTC | Depends On | 2085278 | |
| Depends On | 2087668 | |||
| errata-xmlrpc | 2022-06-06 15:12:37 UTC | Link ID | Red Hat Product Errata RHSA-2022:4922 | |
| errata-xmlrpc | 2022-06-06 15:52:54 UTC | Link ID | Red Hat Product Errata RHSA-2022:4918 | |
| errata-xmlrpc | 2022-06-06 15:59:23 UTC | Link ID | Red Hat Product Errata RHSA-2022:4919 | |
| errata-xmlrpc | 2022-06-09 02:06:52 UTC | Link ID | Red Hat Product Errata RHSA-2022:4956 | |
| errata-xmlrpc | 2022-06-13 12:44:12 UTC | Link ID | Red Hat Product Errata RHSA-2022:5006 | |
| errata-xmlrpc | 2022-06-27 17:03:46 UTC | Link ID | Red Hat Product Errata RHSA-2022:5201 | |
| errata-xmlrpc | 2022-06-28 17:06:20 UTC | Link ID | Red Hat Product Errata RHSA-2022:5392 | |
| errata-xmlrpc | 2022-08-24 13:47:30 UTC | Link ID | Red Hat Product Errata RHSA-2022:6156 | |
| errata-xmlrpc | 2022-08-31 14:57:49 UTC | Link ID | Red Hat Product Errata RHSA-2022:6272 | |
| errata-xmlrpc | 2022-08-31 16:55:35 UTC | Link ID | Red Hat Product Errata RHSA-2022:6277 | |
| errata-xmlrpc | 2022-10-05 10:46:18 UTC | Link ID | Red Hat Product Errata RHSA-2022:6813 | |
| errata-xmlrpc | 2022-10-19 12:57:15 UTC | Link ID | Red Hat Product Errata RHSA-2022:7055 | |
| errata-xmlrpc | 2022-11-28 14:39:43 UTC | Link ID | Red Hat Product Errata RHSA-2022:8652 | |
| errata-xmlrpc | 2023-01-11 17:38:57 UTC | Link ID | Red Hat Product Errata RHSA-2023:0076 | |
| errata-xmlrpc | 2023-03-01 21:42:53 UTC | Link ID | Red Hat Product Errata RHSA-2023:1043 | |
| errata-xmlrpc | 2023-03-01 21:45:17 UTC | Link ID | Red Hat Product Errata RHSA-2023:1044 | |
| errata-xmlrpc | 2023-03-01 21:47:51 UTC | Link ID | Red Hat Product Errata RHSA-2023:1045 | |
| errata-xmlrpc | 2023-03-01 21:50:38 UTC | Link ID | Red Hat Product Errata RHSA-2023:1047 | |
| errata-xmlrpc | 2023-03-01 21:58:47 UTC | Link ID | Red Hat Product Errata RHSA-2023:1049 | |
| Fabio Valentini | 2023-03-01 22:33:27 UTC | CC | decathorpe | |
| Miro HronĨok | 2023-03-01 22:52:51 UTC | CC | mhroncok | |
| errata-xmlrpc | 2023-06-15 15:59:52 UTC | Link ID | Red Hat Product Errata RHSA-2023:3642 | |
| errata-xmlrpc | 2023-06-29 20:07:36 UTC | Link ID | Red Hat Product Errata RHSA-2023:3954 |
Back to bug 2072009