132 matches found
CVE-2020-7793 Regular Expression Denial of Service (ReDoS)
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...
CVE-2020-7793
CVE-2020-7793 affects the UAParser.js package (versions before 0.7.23). The vulnerability is a Regular Expression Denial of Service (ReDoS) across multiple regexes. Connected sources explicitly identify UAParser.js (pre-0.7.23) as vulnerable and reference the ReDoS condition; one source notes a f...
ua-parser-js security vulnerability
ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin , Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js prior to...
PT-2020-6066 · Unknown · Ua-Parser-Js
Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.23 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library, which can be exploited by a remote attacker to cause a denial of service. The...
Regular Expression Denial of Service (ReDoS)
Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info. Proof of Concept by Miguel de Moura jsconst uaparser =...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +392 more potentially affected by CVE-2020-7793 via ua-parser-js (>=0.6.2 <=0.7.22)
ua-parser-js NPM version =0.6.2, =1.4.0, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.9.0, =1.9.0, =1.0.0, =5.0.0, =1.1.3, =2.6.6, =2.7.0 and more Source cves: CVE-2020-7793 Source advisory: SNYK:JS-UAPARSERJS-1023599...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service condition by submitting a malicious string that when parsed via the Redmi and Mi Pad regexes, would result in excessive resource consumption...
CVE-2020-7733
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
Design/Logic Flaw
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-7733
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-7733
CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...
CVE-2020-7733
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
PT-2020-6059 · Github · Ua-Parser-Js
Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.22 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It may allow a remote attacker to cause a denial of service. The vulnerability is due t...
Regular Expression Denial of Service (ReDoS)
Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA. POC by Yeting Li var blank = " "; for let i = 1; i 5000; i++ blank...
uap-core Regular Expression Denial of Service issue
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...
CVE-2018-20164
The CVE-2018-20164 entry describes a Regular Expression Denial of Service (ReDoS) in UA-Parser UAP-Core prior to 0.6.0. Affected component is the regex.yaml/regexes.yaml logic used to parse User-Agent strings; the vulnerability allows an attacker to overload a server by sending HTTP(S) requests w...
CVE-2018-20164
An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...