127 matches found
ReDoS Vulnerability in ua-parser-js version
Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...
PT-2023-12838 · Unknown +1 · Ua-Parser-Js +1
Name of the Vulnerable Software and Affected Versions: ua-parser-js versions 0.7.30 through 0.7.32 ua-parser-js versions 0.8.1 through 1.0.32 Description: A regular expression denial of service ReDoS issue has been discovered in ua-parser-js, allowing an attacker to craft a long user-agent string...
@ahm-monash/public-test (=1.0.0), @alotool/bl-pack (=0.0.1) +156 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.8.1 <=1.0.32)
ua-parser-js NPM version =0.8.1, =1.2.398, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.26.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...
@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)
ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...
Malicious code in fk-ua-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 934455117a593053223b0f2212d17c8c936500e302ce1a7f7b007bcbecb49aa9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...
CVE-2021-4229
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
Design/Logic Flaw
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229 ua-parser-js Crypto Mining backdoor
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229 ua-parser-js Crypto Mining backdoor
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
CVE-2021-4229
CVE-2021-4229 affects ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0, with a reported critical issue involving a crypto mining backdoor in the component. The identified fix is to upgrade to 0.7.30, 0.8.1, or 1.0.1. Connected documents provide this concrete detail about affected versions and remed...
CVE-2021-27292
A regular expression denial of service ReDoS vulnerability was found in the npm library ua-parser-js. If a supplied user agent matches the Noble string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +392 more potentially affected by CVE-2020-7793 via ua-parser-js (>=0.6.2 <=0.7.22)
ua-parser-js NPM version =0.6.2, =1.4.0, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.9.0, =1.9.0, =1.0.0, =5.0.0, =1.1.3, =2.6.6, =2.7.0 and more Source cves: CVE-2020-7793 Source advisory: OSV:GHSA-394C-5J6W-4XMX...
GHSA-394C-5J6W-4XMX ua-parser-js Regular Expression Denial of Service vulnerability
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...
ua-parser-js Regular Expression Denial of Service vulnerability
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service ReDoS in multiple regexes see linked commit for more info...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)
An update is now available for OpenShift Logging 5.2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.3.3)
An update is now available for OpenShift Logging 5.3.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...