vulnerability
Red Hat JBoss EAP: CVE-2022-24785: Path Traversal
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Apr 4, 2022 | Sep 19, 2024 | Jul 9, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Apr 4, 2022
Added
Sep 19, 2024
Modified
Jul 9, 2025
Description
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.. A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-22
- CWE-27
- CVE-2022-24785
- https://attackerkb.com/topics/CVE-2022-24785
- URL-https://access.redhat.com/security/cve/CVE-2022-24785
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2072009
- URL-https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
- URL-https://access.redhat.com/errata/RHSA-2022:4918
- URL-https://access.redhat.com/errata/RHSA-2022:4919
- URL-https://access.redhat.com/errata/RHSA-2022:4922
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.