Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-6289

The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service

XMLWordPrintable



      The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details see https://github.com/moment/moment/issues/2936.

            [JSDSERVER-6289] The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service

            AB made changes -
            Description Original: Component in before version 4.0.0 allows remote attackers to IMPACT via a VULN_INFO.

             

            The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details see [https://github.com/moment/moment/issues/2936.|https://github.com/moment/moment/issues/2936]             		New:

            The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details see [https://github.com/moment/moment/issues/2936.|https://github.com/moment/moment/issues/2936]
            Aliaksei Melnikau (Inactive) made changes -
            UIS New: 0
            Owen made changes -
            Workflow Original: JSD Bug Workflow v5 - TEMP [ 3122115 ] New: JAC Bug Workflow v3 [ 3125943 ]
            Status Original: Done [ 10044 ] New: Closed [ 6 ]
            David Black made changes -
            Link New: This issue is detailed by JSDSERVER-5963 [ JSDSERVER-5963 ]
            David Black made changes -
            Link New: This issue relates to JRASERVER-69040 [ JRASERVER-69040 ]
            David Black made changes -
            Labels Original: advisory advisory-released cvss-medium security New: advisory advisory-released cvss-medium patch-management security
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Untriaged [ 11672 ] New: Done [ 10044 ]
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Labels Original: advisory advisory-to-release cvss-medium exclude-from-security-metrics-page security New: advisory advisory-released cvss-medium security
            David Black made changes -
            Description Original: Component in Atlassian JIRA Service Desk Server from version 3.14.0 before version 4.0.0 allows remote attackers to IMPACT via a VULN_INFO. New: Component in before version 4.0.0 allows remote attackers to IMPACT via a VULN_INFO.

             

            The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details see [https://github.com/moment/moment/issues/2936.|https://github.com/moment/moment/issues/2936]

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: