CVE-2017-18214 - Denial of Service (DoS)

Severity: None2022-10-13

Security Advisories

Abstract

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

The Oxygen products incorporate Moment.js as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion v5.0 and olderNone N/A

Mitigation

None

Detail

CVE-2017-18214

Severity: High

CVSS Score: 7.5

The Moment.js third-party library used by Oxygen XML products is an affected version mentioned in CVE-2017-18214 vulnerability description. However, Oxygen products does not set any user provided date string. For that reason, our products are not affected by this vulnerability.

List of Security Advisories