Vulnerability Details CVE-2020-26289
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
- https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
- https://www.npmjs.com/package/date-and-time
- https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
- https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
- https://www.npmjs.com/package/date-and-time
Products affected by CVE-2020-26289
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.2
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.3
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.4
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.5
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.6
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.7
-
cpe:2.3:a:date-and-time_project:date-and-time:0.1.8
-
cpe:2.3:a:date-and-time_project:date-and-time:0.10.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.11.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.11.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.12.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.13.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.13.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.14.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.14.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.2.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.2.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.2.2
-
cpe:2.3:a:date-and-time_project:date-and-time:0.2.3
-
cpe:2.3:a:date-and-time_project:date-and-time:0.3.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.4.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.4.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.4.2
-
cpe:2.3:a:date-and-time_project:date-and-time:0.5.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.6.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.6.2
-
cpe:2.3:a:date-and-time_project:date-and-time:0.6.3
-
cpe:2.3:a:date-and-time_project:date-and-time:0.7.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.8.0
-
cpe:2.3:a:date-and-time_project:date-and-time:0.8.1
-
cpe:2.3:a:date-and-time_project:date-and-time:0.9.0