Lucene search
+L

132 matches found

Cvelist
Cvelist
added 2020/12/11 1:25 p.m.41 views

CVE-2020-7793 Regular Expression Denial of Service (ReDoS)

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

7.5CVSS7.5AI score0.03878EPSS
Exploits1References5
CVE
CVE
added 2020/12/11 1:25 p.m.116 views

CVE-2020-7793

CVE-2020-7793 affects the UAParser.js package (versions before 0.7.23). The vulnerability is a Regular Expression Denial of Service (ReDoS) across multiple regexes. Connected sources explicitly identify UAParser.js (pre-0.7.23) as vulnerable and reference the ReDoS condition; one source notes a f...

7.5CVSS7.5AI score0.03878EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2020/12/11 12:0 a.m.9 views

ua-parser-js security vulnerability

ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin , Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js prior to...

7.5CVSS7.1AI score0.03878EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2020/12/11 12:0 a.m.5 views

PT-2020-6066 · Unknown · Ua-Parser-Js

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.23 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library, which can be exploited by a remote attacker to cause a denial of service. The...

7.5CVSS7.6AI score0.03878EPSS
Exploits1References26
Snyk
Snyk
added 2020/10/29 10:53 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info. Proof of Concept by Miguel de Moura jsconst uaparser =...

7.5CVSS9.1AI score0.03878EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2020/10/29 10:53 a.m.4 views

@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +392 more potentially affected by CVE-2020-7793 via ua-parser-js (>=0.6.2 <=0.7.22)

ua-parser-js NPM version =0.6.2, =1.4.0, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.9.0, =1.9.0, =1.0.0, =5.0.0, =1.1.3, =2.6.6, =2.7.0 and more Source cves: CVE-2020-7793 Source advisory: SNYK:JS-UAPARSERJS-1023599...

7.5CVSS7.1AI score0.03878EPSS
Exploits1
Veracode
Veracode
added 2020/09/17 3:48 a.m.37 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to regular expression denial of service. A remote attacker is able to cause a denial of service condition by submitting a malicious string that when parsed via the Redmi and Mi Pad regexes, would result in excessive resource consumption...

7.5CVSS7.2AI score0.04483EPSS
Exploits1References2Affected Software4
OSV
OSV
added 2020/09/16 2:15 p.m.31 views

CVE-2020-7733

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...

7.5CVSS6.6AI score
Exploits0References5
Prion
Prion
added 2020/09/16 2:15 p.m.32 views

Design/Logic Flaw

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...

5CVSS7.4AI score0.04483EPSS
Exploits1References5Affected Software2
UbuntuCve
UbuntuCve
added 2020/09/16 2:15 p.m.33 views

CVE-2020-7733

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...

7.5CVSS7.1AI score0.04483EPSS
Exploits1References5
CVE
CVE
added 2020/09/16 2:10 p.m.169 views

CVE-2020-7733

CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...

7.5CVSS7.5AI score0.04483EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2020/09/16 2:10 p.m.59 views

CVE-2020-7733

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...

7.5CVSS7.8AI score0.04483EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.5 views

PT-2020-6059 · Github · Ua-Parser-Js

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions prior to 0.7.22 Description: The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It may allow a remote attacker to cause a denial of service. The vulnerability is due t...

7.5CVSS7.4AI score0.04483EPSS
Exploits1References12
Snyk
Snyk
added 2020/09/09 3:28 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA. POC by Yeting Li var blank = " "; for let i = 1; i 5000; i++ blank...

7.5CVSS9AI score0.04483EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2019/03/06 5:35 p.m.25 views

uap-core Regular Expression Denial of Service issue

An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...

5.3CVSS4AI score0.03298EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2019/02/13 2:29 p.m.15 views

CVE-2018-20164

An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...

5.3CVSS7.2AI score
Exploits0References4
NVD
NVD
added 2019/02/13 2:29 p.m.28 views

CVE-2018-20164

An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...

5.3CVSS5.2AI score0.03298EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2019/02/13 2:29 p.m.19 views

CVE-2018-20164

An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...

5.3CVSS6.1AI score0.03298EPSS
Exploits2References4
CVE
CVE
added 2019/02/13 2:0 p.m.56 views

CVE-2018-20164

The CVE-2018-20164 entry describes a Regular Expression Denial of Service (ReDoS) in UA-Parser UAP-Core prior to 0.6.0. Affected component is the regex.yaml/regexes.yaml logic used to parse User-Agent strings; the vulnerability allows an attacker to overload a server by sending HTTP(S) requests w...

5.3CVSS5.1AI score0.03298EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVE
added 2019/02/13 2:0 p.m.44 views

CVE-2018-20164

An issue was discovered in regex.yaml aka regexes.yaml in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service ReDoS issue allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to a value containing a long digit string. The UAP-Core...

5.3CVSS5.2AI score0.03298EPSS
Exploits2
Rows per page
Query Builder