Article - CS370284
moment.js 2.29.1 and lower is vulnerable to CVE-2022-24785 and is included in ThingWorx Platform
Modified: 31-May-2022
Applies To
- ThingWorx Platform 8.5 to 9.3
Description
- Security scan of ThingWorx Platform shows moment.js vulnerability
- CVE-2022-24785 appears in pen testing of ThingWorx Platform
- Scan of the ThingWorx Foundation instance showed a vulnerability with moment.js library
- ThingWorx Platform includes the moment.js library which is vulnerable to CVE-2022-24785
- Internal security team has advised ThingWorx is vulnerable to CVE-2022-24785
This is a printer-friendly version of Article 370284 and may be out of date. For the latest version click CS370284