View Issue Details

ID: 0026358
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-12-09 04:31
Reporter: jcamara
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 2.22.0
Target Version: 2.23.0
Fixed in Version: 2.23.0
Summary: 0026358: Vulnerability from library Moment.js 2.15.2
Description

Our security department reports a pair of known vulnerabilities related to Moment.js 2.15.2.

https://www.cvedetails.com/vulnerability-list/vendor_id-16043/product_id-35644/Moment-Project-Moment.html

The suggestion is to promote the Moment.js version as far as possible.

Tags: No tags attached.

Activities

dregad

2019-11-15 04:06

developer   ~0063098

Thanks for the heads up.

Upgrading to the latest moment.js release (2.24.0 as of this writing) should not be a problem, but requires some testing.

dregad

2019-11-23 14:17

developer   ~0063130

PR https://github.com/mantisbt/mantisbt/pull/1582

Related Changesets

MantisBT: master 1bd17e65

2019-11-15 07:08:14

dregad

Update moment.js library to 2.24.0

Version 2.15.2 we've been using since the introduction of Modern UI is
exposed to 2 known vulnerabilities, CVE-2016-4055 and CVE-2017-18214.

Fixes 0026358
Affected Issues
0026358
mod - core/constant_inc.php
rm - js/moment-with-locales-2.15.2.min.js
add - js/moment-with-locales-2.24.0.min.js
mod - library/README.md

Issue History

Date Modified Username Field Change
2019-11-15 03:03 jcamara New Issue
2019-11-15 04:06 dregad Status new => acknowledged
2019-11-15 04:06 dregad Note Added: 0063098
2019-11-23 14:15 dregad Assigned To => dregad
2019-11-23 14:15 dregad Status acknowledged => assigned
2019-11-23 14:15 dregad Target Version => 2.23.0
2019-11-23 14:17 dregad Note Added: 0063130
2019-12-02 08:58 dregad Changeset attached => MantisBT master 1bd17e65
2019-12-02 08:58 dregad Status assigned => resolved
2019-12-02 08:58 dregad Resolution open => fixed
2019-12-02 08:58 dregad Fixed in Version => 2.23.0
2019-12-09 04:31 vboctor Status resolved => closed