Describe the bug
When enabling the editable plugin, Moment.js version 2.18.1 is visible on the site with 1 known low vulnerability.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It used a regular expression (/[0-9]['a-z\u00A0-\u05FF\u0700-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+|[\u0600-\u06FF/]+(\s?[\u0600-\u06FF]+){1,2}/i) in order to parse dates specified as strings. This can cause a very low impact of about 2 seconds matching time for data 50k characters long.
To Reproduce
Steps to reproduce the behavior:
(There are a few methods but I have used Google Lighthouse)
DokuWiki with the editable plugin installed, using a Chromium-based browser.
Click F12
Scroll along the tabs to Lighthouse
Untick all bar 'Best Practices'
Click Generate Report
Scroll down to the bottom section which outlines Trust & Safety.
See vulnerability
Screenshots
Desktop:
OS: Windows 10
Browser: Google Chrome
Version: 86
Additional context
Further reading around the library: https://snyk.io/vuln/npm:moment?lh=2.18.1&utm_source=lighthouse&utm_medium=ref&utm_campaign=audit
Version of DokuWiki used: Release 2020-07-29 "Hogfather"
Installed version: 2020-08-12