[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-24785":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":47,"aliases":48,"duplicate_of":9,"upstream":50,"downstream":51,"duplicates":84,"related":85,"reserved_at":9,"published_at":88,"modified_at":89,"state":90,"summary":91,"references_raw":100,"kevs":176,"epss":177,"epss_history":180,"metrics":453,"affected":469},"CVE-2022-24785","Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":44,"abstraction":45,"likelihood_of_exploit":9,"capec":46},"CWE-27","Path Traversal: 'dir/../../filename'","The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal \"../\" sequences that can resolve to a location that is outside of that directory.","Draft","Variant",[],[],[49],"GHSA-8hfj-j24r-96c4",[],[52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":53},"UBUNTU-CVE-2022-24785",{"_key":55},"DLA-3295-1",{"_key":57},"MGASA-2022-0323",{"_key":59},"MGASA-2024-0067",{"_key":61},"USN-5559-1",{"_key":63},"DEBIAN-CVE-2022-24785",{"_key":65},"RHSA-2022:6272",{"_key":67},"RHSA-2023:0076",{"_key":69},"RHSA-2022:4918",{"_key":71},"RHSA-2022:4919",{"_key":73},"RHSA-2025:4437",{"_key":75},"RHSA-2025:4226",{"_key":77},"RHSA-2022:6277",{"_key":79},"RHSA-2023:1043",{"_key":81},"RHSA-2023:1044",{"_key":83},"RHSA-2023:1045",[],[86,87],{"_key":57},{"_key":59},"2022-04-04T00:00:00.000Z","2025-11-03T21:46:06.689Z","Modified",{"cisa_kev":92,"cisa_ransomware":92,"cisa_vendor":9,"epss_severity":93,"epss_score":94,"severity":95,"severity_score":96,"severity_version":97,"severity_source":98,"severity_vector":99,"severity_status":90},false,"low",0.01827,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[101,110,115,121,125,129,133,138,142,147,152,156,160,164,168,172],{"url":102,"sources":103,"tags":107},"https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4",[98,104,105,106],"nvd","osv_npm","osv_nuget",[108,109],"Vendor Advisory","WEB",{"url":111,"sources":112,"tags":113},"https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5",[98,104,105,106],[114,109],"Patch",{"url":116,"sources":117,"tags":118},"https://www.tenable.com/security/tns-2022-09",[98,104,105,106],[114,119,120,109],"Release Notes","Third Party Advisory",{"url":122,"sources":123,"tags":124},"https://security.netapp.com/advisory/ntap-20220513-0006/",[98,104],[120],{"url":126,"sources":127,"tags":128},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/",[98,104],[108],{"url":130,"sources":131,"tags":132},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/",[98,104],[108],{"url":134,"sources":135,"tags":136},"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html",[98,104,105,106],[137,120,109],"Mailing List",{"url":139,"sources":140,"tags":141},"https://security.netapp.com/advisory/ntap-20241108-0002/",[98,104],[],{"url":143,"sources":144,"tags":145},"https://nvd.nist.gov/vuln/detail/CVE-2022-24785",[105,106],[146],"Advisory",{"url":148,"sources":149,"tags":150},"https://github.com/moment/moment",[105,106],[151],"PACKAGE",{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q",[105,106],[109],{"url":157,"sources":158,"tags":159},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5",[105,106],[109],{"url":161,"sources":162,"tags":163},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q",[105,106],[109],{"url":165,"sources":166,"tags":167},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5",[105,106],[109],{"url":169,"sources":170,"tags":171},"https://security.netapp.com/advisory/ntap-20220513-0006",[105,106],[109],{"url":173,"sources":174,"tags":175},"https://security.netapp.com/advisory/ntap-20241108-0002",[105,106],[109],[],{"date":178,"score":94,"percentile":179},"2026-06-04",0.83239,[181,185,188,191,194,196,199,202,204,207,210,213,216,219,221,225,228,231,234,237,240,242,245,249,252,255,258,261,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352,355,359,362,365,367,370,373,376,379,382,385,388,391,394,396,399,402,405,409,412,415,418,421,424,427,430,433,436,440,443,446,449],{"date":182,"score":183,"percentile":184},"2025-11-04",0.00829,0.73774,{"date":186,"score":183,"percentile":187},"2025-11-05",0.73758,{"date":189,"score":183,"percentile":190},"2025-11-06",0.73755,{"date":192,"score":183,"percentile":193},"2025-11-07",0.73772,{"date":195,"score":183,"percentile":193},"2025-11-08",{"date":197,"score":183,"percentile":198},"2025-11-09",0.73767,{"date":200,"score":183,"percentile":201},"2025-11-10",0.73753,{"date":203,"score":183,"percentile":187},"2025-11-11",{"date":205,"score":183,"percentile":206},"2025-11-12",0.73778,{"date":208,"score":183,"percentile":209},"2025-11-13",0.73785,{"date":211,"score":183,"percentile":212},"2025-11-14",0.73792,{"date":214,"score":183,"percentile":215},"2025-11-15",0.7379,{"date":217,"score":183,"percentile":218},"2025-11-16",0.73786,{"date":220,"score":183,"percentile":206},"2025-11-17",{"date":222,"score":223,"percentile":224},"2025-11-18",0.01557,0.79897,{"date":226,"score":223,"percentile":227},"2025-11-19",0.79902,{"date":229,"score":223,"percentile":230},"2025-11-20",0.79908,{"date":232,"score":183,"percentile":233},"2025-11-21",0.73796,{"date":235,"score":183,"percentile":236},"2025-11-22",0.73787,{"date":238,"score":183,"percentile":239},"2025-11-23",0.73771,{"date":241,"score":183,"percentile":198},"2025-11-24",{"date":243,"score":183,"percentile":244},"2025-11-25",0.73769,{"date":246,"score":247,"percentile":248},"2025-11-26",0.00748,0.72306,{"date":250,"score":247,"percentile":251},"2025-11-27",0.72307,{"date":253,"score":247,"percentile":254},"2025-11-28",0.72297,{"date":256,"score":247,"percentile":257},"2025-11-29",0.72287,{"date":259,"score":247,"percentile":260},"2025-11-30",0.72283,{"date":262,"score":263,"percentile":264},"2025-12-01",0.0094,0.75627,{"date":266,"score":263,"percentile":267},"2025-12-02",0.75634,{"date":269,"score":263,"percentile":270},"2025-12-03",0.75622,{"date":272,"score":247,"percentile":273},"2025-12-04",0.72292,{"date":275,"score":247,"percentile":276},"2025-12-05",0.72301,{"date":278,"score":247,"percentile":279},"2025-12-06",0.72303,{"date":281,"score":247,"percentile":282},"2025-12-07",0.72309,{"date":284,"score":247,"percentile":285},"2025-12-08",0.72312,{"date":287,"score":183,"percentile":288},"2025-12-09",0.73805,{"date":290,"score":183,"percentile":291},"2025-12-10",0.73837,{"date":293,"score":183,"percentile":294},"2025-12-11",0.73854,{"date":296,"score":183,"percentile":297},"2025-12-12",0.73876,{"date":299,"score":183,"percentile":300},"2025-12-13",0.73881,{"date":302,"score":183,"percentile":303},"2025-12-14",0.73879,{"date":305,"score":183,"percentile":306},"2025-12-15",0.73882,{"date":308,"score":183,"percentile":309},"2025-12-16",0.73891,{"date":311,"score":183,"percentile":312},"2025-12-17",0.73903,{"date":314,"score":183,"percentile":315},"2025-12-18",0.73926,{"date":317,"score":183,"percentile":318},"2025-12-19",0.73942,{"date":320,"score":183,"percentile":321},"2025-12-20",0.73941,{"date":323,"score":183,"percentile":324},"2025-12-21",0.73933,{"date":326,"score":183,"percentile":327},"2025-12-22",0.73934,{"date":329,"score":183,"percentile":330},"2025-12-23",0.73923,{"date":332,"score":183,"percentile":333},"2025-12-24",0.73935,{"date":335,"score":183,"percentile":336},"2025-12-25",0.73963,{"date":338,"score":183,"percentile":339},"2025-12-26",0.73959,{"date":341,"score":183,"percentile":342},"2025-12-27",0.73987,{"date":344,"score":183,"percentile":345},"2025-12-28",0.73936,{"date":347,"score":183,"percentile":348},"2025-12-29",0.73928,{"date":350,"score":183,"percentile":351},"2025-12-30",0.73944,{"date":353,"score":183,"percentile":354},"2025-12-31",0.73973,{"date":356,"score":357,"percentile":358},"2026-01-01",0.01042,0.7707,{"date":360,"score":357,"percentile":361},"2026-01-02",0.77073,{"date":363,"score":357,"percentile":364},"2026-01-03",0.77072,{"date":366,"score":183,"percentile":342},"2026-01-04",{"date":368,"score":183,"percentile":369},"2026-01-05",0.7398,{"date":371,"score":183,"percentile":372},"2026-01-06",0.73996,{"date":374,"score":183,"percentile":375},"2026-01-07",0.74004,{"date":377,"score":183,"percentile":378},"2026-01-08",0.74016,{"date":380,"score":183,"percentile":381},"2026-01-09",0.74023,{"date":383,"score":183,"percentile":384},"2026-01-10",0.7402,{"date":386,"score":183,"percentile":387},"2026-01-11",0.74007,{"date":389,"score":183,"percentile":390},"2026-01-12",0.73997,{"date":392,"score":183,"percentile":393},"2026-01-13",0.73995,{"date":395,"score":183,"percentile":384},"2026-01-14",{"date":397,"score":183,"percentile":398},"2026-01-15",0.7403,{"date":400,"score":183,"percentile":401},"2026-01-16",0.74046,{"date":403,"score":183,"percentile":404},"2026-01-17",0.74043,{"date":406,"score":407,"percentile":408},"2026-01-18",0.013,0.79302,{"date":410,"score":407,"percentile":411},"2026-01-19",0.79295,{"date":413,"score":407,"percentile":414},"2026-01-20",0.79293,{"date":416,"score":407,"percentile":417},"2026-01-21",0.793,{"date":419,"score":407,"percentile":420},"2026-01-22",0.79311,{"date":422,"score":407,"percentile":423},"2026-01-23",0.79339,{"date":425,"score":407,"percentile":426},"2026-01-24",0.79349,{"date":428,"score":407,"percentile":429},"2026-01-25",0.79341,{"date":431,"score":407,"percentile":432},"2026-01-26",0.79338,{"date":434,"score":407,"percentile":435},"2026-01-27",0.79336,{"date":437,"score":438,"percentile":439},"2026-01-28",0.01439,0.80342,{"date":441,"score":438,"percentile":442},"2026-01-29",0.8034,{"date":444,"score":438,"percentile":445},"2026-01-30",0.80339,{"date":447,"score":438,"percentile":448},"2026-01-31",0.80345,{"date":450,"score":451,"percentile":452},"2026-02-01",0.02206,0.84134,[454,459,465,467],{"source":98,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":96,"baseSeverity":456,"vectorString":99,"impactScore":457,"exploitabilityScore":458},"HIGH",6,10,{"source":104,"cvss_v2_0":460,"cvss_v3_0":9,"cvss_v3_1":464,"cvss_v4_0":9},{"baseScore":461,"baseSeverity":9,"vectorString":462,"impactScore":463,"exploitabilityScore":458},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,{"baseScore":96,"baseSeverity":456,"vectorString":99,"impactScore":457,"exploitabilityScore":458},{"source":105,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":466,"cvss_v4_0":9},{"baseScore":96,"baseSeverity":9,"vectorString":99,"impactScore":457,"exploitabilityScore":458},{"source":106,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":468,"cvss_v4_0":9},{"baseScore":96,"baseSeverity":9,"vectorString":99,"impactScore":457,"exploitabilityScore":458},[470,479,487,498,503,510,517,524],{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"debian linux","debian","debian_linux","o",[476],{"version":477,"is_range":92,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":480,"vendor":481,"product":480,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":482},"fedora","fedoraproject",[483,485],{"version":484,"is_range":92,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"version":486,"is_range":92,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"ecosystem":9,"name":488,"vendor":488,"product":488,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":490},"moment","a",[491],{"version":492,"is_range":493,"range_type":98,"version_start":494,"version_start_type":495,"version_end":496,"version_end_type":497,"fixed_in":9},">= 1.0.1, \u003C 2.29.2",true,"1.0.1","including","2.29.2","excluding",{"ecosystem":9,"name":488,"vendor":499,"product":488,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"momentjs",[501],{"version":502,"is_range":493,"range_type":478,"version_start":494,"version_start_type":495,"version_end":496,"version_end_type":497,"fixed_in":9},"gte1.0.1_lt2.29.2",{"ecosystem":9,"name":504,"vendor":505,"product":506,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"active iq","netapp","active_iq",[508],{"version":509,"is_range":92,"range_type":478,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":511,"name":488,"vendor":511,"product":488,"cpe_part":9,"purl_type":512,"purl_namespace":9,"purl_name":488,"source":9,"versions":513},"Npm","npm",[514],{"version":515,"is_range":493,"range_type":516,"version_start":9,"version_start_type":9,"version_end":496,"version_end_type":497,"fixed_in":9},"lt2_29_2","semver",{"ecosystem":518,"name":519,"vendor":518,"product":519,"cpe_part":9,"purl_type":520,"purl_namespace":9,"purl_name":519,"source":9,"versions":521},"NuGet","Moment.js","nuget",[522],{"version":515,"is_range":493,"range_type":523,"version_start":9,"version_start_type":9,"version_end":496,"version_end_type":497,"fixed_in":9},"ecosystem",{"ecosystem":9,"name":525,"vendor":526,"product":525,"cpe_part":489,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"tenable.sc","tenable",[528],{"version":529,"is_range":493,"range_type":478,"version_start":9,"version_start_type":9,"version_end":530,"version_end_type":497,"fixed_in":9},"lt5.21.0","5.21.0"]