View Issue Details

Related ChangesetsJump to NotesJump to History
This bug affects 1 person(s).
 260
IDProjectCategoryView StatusDate SubmittedLast Update
18577Bug reportsSecuritypublic2023-01-02 14:172023-02-20 10:39
Reporterandreafesta Assigned Toc_schmitz  
PriorityurgentSeverityminor 
Status closedResolutionfixed 
Product Version5.4.x 
Summary18577: Moment.js
Description

Dear,
https://pagespeed.web.dev/ report me that there is Moment.js library has a vulnerability.

How can I solve?

Thank you
Andrea

Steps To Reproduce

Steps to reproduce

(Replace this text with detailed step-by-step instructions on how to reproduce the issue)

Expected result

(Write here what you expected to happen)

Actual result

(Write here what happened instead)

TagsNo tags attached.
Attached Files
errore.png (100,604 bytes)
Bug heat260
Complete LimeSurvey version number (& build)5.4.12+221121
I will donate to the project if issue is resolvedNo
BrowserChrome
Database type & version10.3.36-MariaDB-0+deb10u2 - Debian 10
Server OS (if known)Debian 10
Webserver software & version (if known)
PHP Version7.3.31-1~deb10u2

Users monitoring this issue

There are no users monitoring this issue.

Activities

ollehar

ollehar

2023-01-04 10:48

administrator   ~73349

Thanks for reporting, we'll have a look.
gabrieljenik

gabrieljenik

2023-01-04 22:21

manager   ~73363

https://github.com/LimeSurvey/LimeSurvey/pull/2830
andreafesta

andreafesta

2023-01-05 09:40

reporter   ~73364

Hi, thank you. I remove the folder: third_party\moment and there aren't error. Perhaps an old folder...
It's ok?

Thank you
Andrea
gabrieljenik

gabrieljenik

2023-01-05 15:01

manager   ~73369

The datetimepickers depend on moment. If you delete the folder, pickers wont work.
And it is also used for example in the export of dummy users: (see attach)

image.png (26,327 bytes)   
image.png (26,327 bytes)   
guest

guest

2023-02-15 23:13

viewer   ~73839

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=34314
LimeBot

LimeBot

2023-02-20 10:39

administrator   ~73878

Fixed in Release 5.6.6+230220

Related Changesets

LimeSurvey: master fd803ec9

2023-02-16 00:13

Gabriel Jenik

Committer: GitHub


Details Diff		 Fixed issue 18577: [security] Update Moment.js (#2830) Affected Issues
18577
mod - vendor/moment/moment-with-locales.js Diff File
mod - vendor/moment/moment-with-locales.min.js Diff File

Issue History

Date Modified Username Field Change
2023-01-02 14:17 andreafesta New Issue
2023-01-02 14:17 andreafesta File Added: errore.png
2023-01-04 10:47 ollehar Priority none => urgent
2023-01-04 10:48 ollehar Note Added: 73349
2023-01-04 10:48 ollehar Bug heat 250 => 252
2023-01-04 15:04 gabrieljenik Assigned To => gabrieljenik
2023-01-04 15:04 gabrieljenik Status new => assigned
2023-01-04 22:21 gabrieljenik Assigned To gabrieljenik => DenisChenu
2023-01-04 22:21 gabrieljenik Status assigned => ready for code review
2023-01-04 22:21 gabrieljenik Note Added: 73363
2023-01-04 22:21 gabrieljenik Bug heat 252 => 254
2023-01-05 09:40 andreafesta Note Added: 73364
2023-01-05 09:40 andreafesta Bug heat 254 => 256
2023-01-05 15:01 gabrieljenik Note Added: 73369
2023-01-05 15:01 gabrieljenik File Added: image.png
2023-01-05 15:52 DenisChenu Assigned To DenisChenu =>
2023-01-05 15:52 DenisChenu Status ready for code review => ready for testing
2023-02-15 23:13 Changeset attached => LimeSurvey master fd803ec9
2023-02-15 23:13 guest Note Added: 73839
2023-02-15 23:13 guest Bug heat 256 => 258
2023-02-15 23:14 c_schmitz Assigned To => c_schmitz
2023-02-15 23:14 c_schmitz Status ready for testing => resolved
2023-02-15 23:14 c_schmitz Resolution open => fixed
2023-02-20 10:39 LimeBot Note Added: 73878
2023-02-20 10:39 LimeBot Status resolved => closed
2023-02-20 10:39 LimeBot Bug heat 258 => 260