CVE-2020-26289 - CERT CVE
ID CVE-2020-26289
Sažetak date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
Reference
CVSS
Base: 5.0
Impact: 2.9
Exploitability:10.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE NONE PARTIAL
CVSS vektor AV:N/AC:L/Au:N/C:N/I:N/A:P
Zadnje važnije ažuriranje 30-12-2020 - 15:51
Objavljeno 28-12-2020 - 19:15