Lucene search
PRIOn knowledge basePRION:CVE-2021-21317HistoryFeb 16, 2021 - 6:15 p.m.
Design/Logic Flaw
2021-02-1618:15:00
PRIOn knowledge base
www.prio-n.com
1
uap-core in an open-source npm package which contains the core of BrowserScope’s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.
Related
osv
osv
CVE-2021-21317
2021-02-16 18:15:12
Denial of Service in uap-core
2021-02-02 15:46:38
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-03 05:36:43
nvd
nvd
CVE-2021-21317
2021-02-16 18:15:12
cve
cve
CVE-2021-21317
2021-02-16 18:15:12
ubuntucve
ubuntucve
CVE-2021-21317
2021-02-16 00:00:00
nodejs
nodejs
Denial of Service
2021-02-23 02:11:16
cvelist
cvelist
CVE-2021-21317 Denial of Service in uap-core
2021-02-16 17:45:16
github
github
Denial of Service in uap-core
2021-02-02 15:46:38