CVE-2020-26289— Regular expression Denial of Service in date-and-time
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-26289
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Regular expression Denial of Service in date-and-time
Source: NVD (National Vulnerability Database)
Vulnerability Description
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Date And Time 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Date And Time是Date And Time个人开发者的一个基于Javascript用于处理JS日期和时间的Npm代码库。 date-and-time 0.14.2之前版本存在安全漏洞,该漏洞源于涉及解析的正则表达式,它可以被用来导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| knowledgecode | date-and-time | < 0.14.2 | - |
II. Public POCs for CVE-2020-26289
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 6682 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2020-26289
请登录查看更多情报信息。
- https://www.npmjs.com/package/date-and-timex_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-26289
IV. Related Vulnerabilities
Same weakness: CWE-400
- CVE-2025-10470
Denial-of-Service via Magic Link Authentication in WSO2 Iden - CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS
V. Comments for CVE-2020-26289
No comments yet