DoS (Denial of Service) ua-parser-js Dependency in Jira Software Data Center

This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 9.17.2, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5...

DEBIAN-CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

UBUNTU-CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

PT-2020-6066 · Unknown · Ua-Parser-Js

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.23 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library, which can be exploited by a remote attacker to cause a denial of service. The...

Regular Expression Denial of Service (ReDoS)

Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info. Proof of Concept by Miguel de Moura jsconst uaparser =...