Details
-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
9.6.3
-
None
-
None
Description
Steps to Reproduce
Version Moment.js between versions 1.0.1 and 2.29.1 contains the CVE-2022-24785
https://nvd.nist.gov/vuln/detail/cve-2022-24785
org\zkoss\zk\zk\9.6.x\zk-9.6.x-osgi.jar!\web\js\zk\ext\moment.js
currently uses Version 2.24.0 that seems to be vulnerable by CVE-2022-24785
Expected Result
org\zkoss\zk\zk\9.6.x\zk-9.6.x-osgi.jar!\web\js\zk\ext\moment.js contains moments.js >= 2.29.2