Lucene search
K

127 matches found

Github Security Blog
Github Security Blog
added 2023/01/24 3:36 p.m.194 views

ReDoS Vulnerability in ua-parser-js version

Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...

7.5CVSS7.9AI score0.01725EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.3 views

PT-2023-12838 · Unknown +1 · Ua-Parser-Js +1

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions 0.7.30 through 0.7.32 ua-parser-js versions 0.8.1 through 1.0.32 Description: A regular expression denial of service ReDoS issue has been discovered in ua-parser-js, allowing an attacker to craft a long user-agent string...

7.5CVSS8.7AI score0.01725EPSS
Exploits2References16
vulnersOsv
vulnersOsv
added 2023/01/23 1:10 p.m.4 views

@ahm-monash/public-test (=1.0.0), @alotool/bl-pack (=0.0.1) +156 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.8.1 <=1.0.32)

ua-parser-js NPM version =0.8.1, =1.2.398, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.26.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...

7.5CVSS6.6AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2023/01/23 1:10 p.m.5 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)

ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...

7.5CVSS6.7AI score0.01725EPSS
Exploits2
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:25 p.m.2 views

Malicious code in fk-ua-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 934455117a593053223b0f2212d17c8c936500e302ce1a7f7b007bcbecb49aa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/05/25 12:0 a.m.3 views

GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...

8.8CVSS5.4AI score0.01314EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:15 p.m.5 views

CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

8.8CVSS7.1AI score0.01314EPSS
Exploits0References3
NVD
NVD
added 2022/05/24 4:15 p.m.22 views

CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

8.8CVSS0.01314EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/05/24 4:15 p.m.48 views

CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

8.8CVSS7AI score0.01314EPSS
Exploits0References4
Prion
Prion
added 2022/05/24 4:15 p.m.16 views

Design/Logic Flaw

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

7.6CVSS8.6AI score0.01314EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/24 3:30 p.m.5 views

CVE-2021-4229 ua-parser-js Crypto Mining backdoor

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

5CVSS8.8AI score0.01314EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/24 3:30 p.m.30 views

CVE-2021-4229 ua-parser-js Crypto Mining backdoor

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

5CVSS8.8AI score0.01314EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/05/24 3:30 p.m.25 views

CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...

8.8CVSS8.7AI score0.01314EPSS
Exploits0
CVE
CVE
added 2022/05/24 3:30 p.m.74 views

CVE-2021-4229

CVE-2021-4229 affects ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0, with a reported critical issue involving a crypto mining backdoor in the component. The identified fix is to upgrade to 0.7.30, 0.8.1, or 1.0.1. Connected documents provide this concrete detail about affected versions and remed...

8.8CVSS6.7AI score0.01314EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/07 2:19 p.m.55 views

CVE-2021-27292

A regular expression denial of service ReDoS vulnerability was found in the npm library ua-parser-js. If a supplied user agent matches the Noble string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces...

7.5CVSS3.1AI score0.03366EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/02/09 10:46 p.m.4 views

@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +392 more potentially affected by CVE-2020-7793 via ua-parser-js (>=0.6.2 <=0.7.22)

ua-parser-js NPM version =0.6.2, =1.4.0, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.9.0, =1.9.0, =1.0.0, =5.0.0, =1.1.3, =2.6.6, =2.7.0 and more Source cves: CVE-2020-7793 Source advisory: OSV:GHSA-394C-5J6W-4XMX...

7.5CVSS7.1AI score0.03878EPSS
Exploits1
OSV
OSV
added 2022/02/09 10:46 p.m.1 views

GHSA-394C-5J6W-4XMX ua-parser-js Regular Expression Denial of Service vulnerability

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

7.5CVSS7.1AI score0.03878EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/09 10:46 p.m.43 views

ua-parser-js Regular Expression Denial of Service vulnerability

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...

7.5CVSS7.5AI score0.03878EPSS
Exploits1References7Affected Software1
RedHat Linux
RedHat Linux
added 2022/01/21 7:4 p.m.77 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)

An update is now available for OpenShift Logging 5.2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

8.5CVSS7.8AI score0.97906EPSS
Exploits10References4
RedHat Linux
RedHat Linux
added 2022/01/20 9:40 p.m.126 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)

An update is now available for OpenShift Logging 5.3.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

8.5CVSS7.8AI score0.97906EPSS
Exploits10References3
Rows per page
Query Builder