[JSDSERVER-6289] The version of moment.js used in Jira Service Desk was vulnerable to a regular expression denial of service

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 4.0.0
Affects Version/s: 3.14.0
Component/s: API and Integrations
Labels:

Symptom Severity:
Severity 2 - Major
UIS:
0
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of moment.js used in Jira Service Desk Server before version 4.0.0 allows remote attackers to cause a denial of service in user's browsers via a regular expression denial of service. For additional details see https://github.com/moment/moment/issues/2936.

relates to

JRASERVER-69040 The version of moment.js used in Jira was vulnerable to a regular expression denial of service

Closed

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 21/Mar/2019 12:52 AM

Updated:: 28/Apr/2020 4:30 AM

Resolved:: 21/Mar/2019 1:05 AM

Jira Service Management Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

Backbone Issue Sync