[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-31129":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":94,"aliases":112,"duplicate_of":9,"upstream":114,"downstream":115,"duplicates":156,"related":157,"reserved_at":9,"published_at":166,"modified_at":167,"state":168,"summary":169,"references_raw":177,"kevs":296,"epss":297,"epss_history":300,"metrics":562,"affected":578},"CVE-2022-31129","moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",null,[11,86],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],{"_key":87,"id":87,"name":88,"description":89,"type":15,"status":16,"abstraction":90,"likelihood_of_exploit":18,"capec":91},"CWE-1333","Inefficient Regular Expression Complexity","The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.","Base",[92],{"id":83,"name":84,"techniques":93},[],[95,104],{"_key":96,"name":97,"source":98,"url":99,"maturity":100,"reliability_score":101,"verified":102,"type":9,"platforms":103,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_MOMENT_MOMENT","Moment","github","https://github.com/moment/moment/pull/6015#issuecomment-1152961973","poc",0.3,false,[],{"_key":105,"name":106,"source":107,"url":108,"maturity":109,"reliability_score":110,"verified":102,"type":9,"platforms":111,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_5ECAC09DE4E85E28","Exploit Reference (huntr.dev)","reference","https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/","unknown",0.2,[],[113],"GHSA-wc69-rhjr-hc9g",[],[116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154],{"_key":117},"SUSE-SU-2022:3313-1",{"_key":119},"SUSE-SU-2022:3314-1",{"_key":121},"SUSE-SU-2022:3761-1",{"_key":123},"SUSE-SU-2023:0592-1",{"_key":125},"DLA-3295-1",{"_key":127},"RHSA-2022:6392",{"_key":129},"RHSA-2023:1486",{"_key":131},"RHSA-2023:3623",{"_key":133},"MGASA-2022-0323",{"_key":135},"MGASA-2024-0067",{"_key":137},"USN-5559-1",{"_key":139},"USN-6550-1",{"_key":141},"DEBIAN-CVE-2022-31129",{"_key":143},"RHSA-2022:6272",{"_key":145},"RHSA-2022:6393",{"_key":147},"UBUNTU-CVE-2022-31129",{"_key":149},"RHSA-2022:6277",{"_key":151},"RHSA-2023:1043",{"_key":153},"RHSA-2023:1044",{"_key":155},"RHSA-2023:1045",[],[158,159,160,161,162,164,165],{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":163},"CVE-2023-22467",{"_key":133},{"_key":135},"2022-07-06T00:00:00.000Z","2025-11-03T21:46:17.025Z","Modified",{"cisa_kev":102,"cisa_ransomware":102,"cisa_vendor":9,"epss_severity":170,"epss_score":171,"severity":172,"severity_score":173,"severity_version":174,"severity_source":175,"severity_vector":176,"severity_status":168},"low",0.0311,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[178,188,193,197,200,205,209,213,217,221,226,230,235,239,243,247,251,255,259,263,267,271,275,279,283,287,291],{"url":179,"sources":180,"tags":184},"https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",[175,181,182,183],"nvd","osv_npm","osv_nuget",[185,186,187],"Issue Tracking","Third Party Advisory","WEB",{"url":99,"sources":189,"tags":190},[175,181,182,183],[191,185,192,186,187],"Exploit","Patch",{"url":194,"sources":195,"tags":196},"https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3",[175,181,182,183],[192,186,187],{"url":108,"sources":198,"tags":199},[175,181],[191,185,192,186],{"url":201,"sources":202,"tags":203},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/",[175,181],[204],"Vendor Advisory",{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/",[175,181],[204],{"url":210,"sources":211,"tags":212},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/",[175,181],[204],{"url":214,"sources":215,"tags":216},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/",[175,181],[204],{"url":218,"sources":219,"tags":220},"https://security.netapp.com/advisory/ntap-20221014-0003/",[175,181],[186],{"url":222,"sources":223,"tags":224},"https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html",[175,181,182,183],[225,186,187],"Mailing List",{"url":227,"sources":228,"tags":229},"https://security.netapp.com/advisory/ntap-20241108-0002/",[175,181],[],{"url":231,"sources":232,"tags":233},"https://nvd.nist.gov/vuln/detail/CVE-2022-31129",[182,183],[234],"Advisory",{"url":236,"sources":237,"tags":238},"https://github.com/moment/moment/pull/6015/commits/4bbb9f3ccbe231de40207503f344fe5ce97584f4",[182,183],[187],{"url":240,"sources":241,"tags":242},"https://github.com/moment/moment/pull/6015/commits/bfd4f2375d5c1a2106246721d693a9611dddfbfe",[182,183],[187],{"url":244,"sources":245,"tags":246},"https://github.com/moment/moment/pull/6015/commits/dc0d180e90d8a84f7ff13572363330a22b3ea504",[182,183],[187],{"url":248,"sources":249,"tags":250},"https://security.netapp.com/advisory/ntap-20241108-0002",[182,183],[187],{"url":252,"sources":253,"tags":254},"https://security.netapp.com/advisory/ntap-20221014-0003",[182,183],[187],{"url":256,"sources":257,"tags":258},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO",[182,183],[187],{"url":260,"sources":261,"tags":262},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5",[182,183],[187],{"url":264,"sources":265,"tags":266},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O",[182,183],[187],{"url":268,"sources":269,"tags":270},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q",[182,183],[187],{"url":272,"sources":273,"tags":274},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO",[182,183],[187],{"url":276,"sources":277,"tags":278},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5",[182,183],[187],{"url":280,"sources":281,"tags":282},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O",[182,183],[187],{"url":284,"sources":285,"tags":286},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q",[182,183],[187],{"url":288,"sources":289,"tags":290},"https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633",[182,183],[187],{"url":292,"sources":293,"tags":294},"https://github.com/moment/moment",[182,183],[295],"PACKAGE",[],{"date":298,"score":171,"percentile":299},"2026-06-04",0.87065,[301,305,308,311,314,317,320,323,325,328,331,334,337,340,342,346,349,352,355,357,360,362,365,369,371,374,377,380,384,387,390,392,395,397,400,402,405,408,411,414,417,419,421,424,427,430,433,435,438,441,444,447,450,453,456,458,461,465,468,472,475,478,481,484,487,490,493,496,499,502,505,508,510,513,516,519,522,525,528,530,532,535,538,541,544,546,550,553,555,558],{"date":302,"score":303,"percentile":304},"2025-11-04",0.04179,0.88186,{"date":306,"score":303,"percentile":307},"2025-11-05",0.88185,{"date":309,"score":303,"percentile":310},"2025-11-06",0.88175,{"date":312,"score":303,"percentile":313},"2025-11-07",0.88181,{"date":315,"score":303,"percentile":316},"2025-11-08",0.88184,{"date":318,"score":303,"percentile":319},"2025-11-09",0.8818,{"date":321,"score":303,"percentile":322},"2025-11-10",0.88179,{"date":324,"score":303,"percentile":307},"2025-11-11",{"date":326,"score":303,"percentile":327},"2025-11-12",0.88195,{"date":329,"score":303,"percentile":330},"2025-11-13",0.88201,{"date":332,"score":303,"percentile":333},"2025-11-14",0.88204,{"date":335,"score":303,"percentile":336},"2025-11-15",0.88199,{"date":338,"score":303,"percentile":339},"2025-11-16",0.88203,{"date":341,"score":303,"percentile":336},"2025-11-17",{"date":343,"score":344,"percentile":345},"2025-11-18",0.18837,0.94844,{"date":347,"score":344,"percentile":348},"2025-11-19",0.94846,{"date":350,"score":344,"percentile":351},"2025-11-20",0.94851,{"date":353,"score":303,"percentile":354},"2025-11-21",0.88214,{"date":356,"score":303,"percentile":354},"2025-11-22",{"date":358,"score":303,"percentile":359},"2025-11-23",0.88209,{"date":361,"score":303,"percentile":359},"2025-11-24",{"date":363,"score":303,"percentile":364},"2025-11-25",0.8821,{"date":366,"score":367,"percentile":368},"2025-11-26",0.03788,0.87592,{"date":370,"score":367,"percentile":368},"2025-11-27",{"date":372,"score":367,"percentile":373},"2025-11-28",0.87579,{"date":375,"score":367,"percentile":376},"2025-11-29",0.87653,{"date":378,"score":367,"percentile":379},"2025-11-30",0.87654,{"date":381,"score":382,"percentile":383},"2025-12-01",0.03811,0.87747,{"date":385,"score":382,"percentile":386},"2025-12-02",0.87749,{"date":388,"score":382,"percentile":389},"2025-12-03",0.87748,{"date":391,"score":367,"percentile":376},"2025-12-04",{"date":393,"score":367,"percentile":394},"2025-12-05",0.87657,{"date":396,"score":367,"percentile":379},"2025-12-06",{"date":398,"score":367,"percentile":399},"2025-12-07",0.87651,{"date":401,"score":367,"percentile":399},"2025-12-08",{"date":403,"score":303,"percentile":404},"2025-12-09",0.88286,{"date":406,"score":303,"percentile":407},"2025-12-10",0.88305,{"date":409,"score":303,"percentile":410},"2025-12-11",0.88309,{"date":412,"score":303,"percentile":413},"2025-12-12",0.88313,{"date":415,"score":303,"percentile":416},"2025-12-13",0.88315,{"date":418,"score":303,"percentile":413},"2025-12-14",{"date":420,"score":303,"percentile":416},"2025-12-15",{"date":422,"score":303,"percentile":423},"2025-12-16",0.88318,{"date":425,"score":303,"percentile":426},"2025-12-17",0.88323,{"date":428,"score":303,"percentile":429},"2025-12-18",0.88325,{"date":431,"score":303,"percentile":432},"2025-12-19",0.88326,{"date":434,"score":303,"percentile":432},"2025-12-20",{"date":436,"score":303,"percentile":437},"2025-12-21",0.88334,{"date":439,"score":303,"percentile":440},"2025-12-22",0.88332,{"date":442,"score":303,"percentile":443},"2025-12-23",0.88338,{"date":445,"score":303,"percentile":446},"2025-12-24",0.88341,{"date":448,"score":303,"percentile":449},"2025-12-25",0.88351,{"date":451,"score":303,"percentile":452},"2025-12-26",0.88349,{"date":454,"score":303,"percentile":455},"2025-12-27",0.88391,{"date":457,"score":303,"percentile":446},"2025-12-28",{"date":459,"score":303,"percentile":460},"2025-12-29",0.88336,{"date":462,"score":463,"percentile":464},"2025-12-30",0.04394,0.88626,{"date":466,"score":463,"percentile":467},"2025-12-31",0.88634,{"date":469,"score":470,"percentile":471},"2026-01-01",0.0442,0.88731,{"date":473,"score":470,"percentile":474},"2026-01-02",0.88726,{"date":476,"score":470,"percentile":477},"2026-01-03",0.88723,{"date":479,"score":463,"percentile":480},"2026-01-04",0.88628,{"date":482,"score":463,"percentile":483},"2026-01-05",0.88624,{"date":485,"score":463,"percentile":486},"2026-01-06",0.88629,{"date":488,"score":463,"percentile":489},"2026-01-07",0.88631,{"date":491,"score":463,"percentile":492},"2026-01-08",0.88637,{"date":494,"score":463,"percentile":495},"2026-01-09",0.88641,{"date":497,"score":463,"percentile":498},"2026-01-10",0.88643,{"date":500,"score":463,"percentile":501},"2026-01-11",0.88636,{"date":503,"score":463,"percentile":504},"2026-01-12",0.88633,{"date":506,"score":463,"percentile":507},"2026-01-13",0.8863,{"date":509,"score":463,"percentile":498},"2026-01-14",{"date":511,"score":463,"percentile":512},"2026-01-15",0.88645,{"date":514,"score":463,"percentile":515},"2026-01-16",0.88652,{"date":517,"score":463,"percentile":518},"2026-01-17",0.88653,{"date":520,"score":171,"percentile":521},"2026-01-18",0.8643,{"date":523,"score":171,"percentile":524},"2026-01-19",0.86423,{"date":526,"score":171,"percentile":527},"2026-01-20",0.86418,{"date":529,"score":171,"percentile":524},"2026-01-21",{"date":531,"score":171,"percentile":521},"2026-01-22",{"date":533,"score":171,"percentile":534},"2026-01-23",0.86445,{"date":536,"score":171,"percentile":537},"2026-01-24",0.86453,{"date":539,"score":171,"percentile":540},"2026-01-25",0.86448,{"date":542,"score":171,"percentile":543},"2026-01-26",0.86446,{"date":545,"score":171,"percentile":540},"2026-01-27",{"date":547,"score":548,"percentile":549},"2026-01-28",0.03435,0.87153,{"date":551,"score":548,"percentile":552},"2026-01-29",0.87156,{"date":554,"score":548,"percentile":552},"2026-01-30",{"date":556,"score":548,"percentile":557},"2026-01-31",0.87157,{"date":559,"score":560,"percentile":561},"2026-02-01",0.03456,0.87265,[563,568,574,576],{"source":175,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":564,"cvss_v4_0":9},{"baseScore":173,"baseSeverity":565,"vectorString":176,"impactScore":566,"exploitabilityScore":567},"HIGH",6,10,{"source":181,"cvss_v2_0":569,"cvss_v3_0":9,"cvss_v3_1":573,"cvss_v4_0":9},{"baseScore":570,"baseSeverity":9,"vectorString":571,"impactScore":572,"exploitabilityScore":567},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,{"baseScore":173,"baseSeverity":565,"vectorString":176,"impactScore":566,"exploitabilityScore":567},{"source":182,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":575,"cvss_v4_0":9},{"baseScore":173,"baseSeverity":9,"vectorString":176,"impactScore":566,"exploitabilityScore":567},{"source":183,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":577,"cvss_v4_0":9},{"baseScore":173,"baseSeverity":9,"vectorString":176,"impactScore":566,"exploitabilityScore":567},[579,588,598,609,614,621],{"ecosystem":9,"name":580,"vendor":581,"product":582,"cpe_part":583,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":584},"debian linux","debian","debian_linux","o",[585],{"version":586,"is_range":102,"range_type":587,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":589,"vendor":590,"product":589,"cpe_part":583,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":591},"fedora","fedoraproject",[592,594,596],{"version":593,"is_range":102,"range_type":587,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"version":595,"is_range":102,"range_type":587,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"version":597,"is_range":102,"range_type":587,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":9,"name":599,"vendor":599,"product":599,"cpe_part":600,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":601},"moment","a",[602],{"version":603,"is_range":604,"range_type":175,"version_start":605,"version_start_type":606,"version_end":607,"version_end_type":608,"fixed_in":9},">= 2.18.0, \u003C 2.29.4",true,"2.18.0","including","2.29.4","excluding",{"ecosystem":9,"name":599,"vendor":610,"product":599,"cpe_part":600,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":611},"momentjs",[612],{"version":613,"is_range":604,"range_type":587,"version_start":605,"version_start_type":606,"version_end":607,"version_end_type":608,"fixed_in":9},"gte2.18.0_lt2.29.4",{"ecosystem":615,"name":599,"vendor":615,"product":599,"cpe_part":9,"purl_type":616,"purl_namespace":9,"purl_name":599,"source":9,"versions":617},"Npm","npm",[618],{"version":619,"is_range":604,"range_type":620,"version_start":605,"version_start_type":606,"version_end":607,"version_end_type":608,"fixed_in":9},"gte2_18_0_lt2_29_4","semver",{"ecosystem":622,"name":623,"vendor":622,"product":623,"cpe_part":9,"purl_type":624,"purl_namespace":9,"purl_name":623,"source":9,"versions":625},"NuGet","Moment.js","nuget",[626],{"version":619,"is_range":604,"range_type":627,"version_start":605,"version_start_type":606,"version_end":607,"version_end_type":608,"fixed_in":9},"ecosystem"]