Details
-
Type:
Bug
-
Status: Open
-
Priority:
Normal
-
Resolution: Unresolved
-
Affects Version/s: 9.6.3
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
Description
Steps to Reproduce
Version Moment.js between versions 1.0.1 and 2.29.1 contains the CVE-2022-24785
https://nvd.nist.gov/vuln/detail/cve-2022-24785
org\zkoss\zk\zk\9.6.x\zk-9.6.x-osgi.jar!\web\js\zk\ext\moment.js
currently uses Version 2.24.0 that seems to be vulnerable by CVE-2022-24785
Expected Result
org\zkoss\zk\zk\9.6.x\zk-9.6.x-osgi.jar!\web\js\zk\ext\moment.js contains moments.js >= 2.29.2