Lucene search
+L

97 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 9:44 p.m.41 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js ua-parser-js

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js ua-parser-js. Vulnerability Details CVEID:CVE-2022-25927 DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...

7.5CVSS6.1AI score0.01725EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/20 12:34 p.m.31 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module (CVE-2022-25927)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module in the electron app CVE-2022-25927. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes ua-parser-js =v1.0.33 Vulnerability Details...

7.5CVSS6.1AI score0.01725EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:35 a.m.28 views

Security Bulletin: There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25927)

Summary There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25927 DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression...

7.5CVSS6.2AI score0.01725EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 3:5 p.m.40 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-25927]

Summary Node.js module ua-parser-js is used by IBM App Connect Enterprise Certified Container DesignerAuthoring instances. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...

7.5CVSS6.2AI score0.01725EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2023/01/27 12:5 p.m.80 views

CVE-2022-25927

A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service ReDoS via the trim function...

7.5CVSS3.8AI score0.01725EPSS
Exploits2References3
NVD
NVD
added 2023/01/26 9:15 p.m.19 views

CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

7.5CVSS6.2AI score0.01725EPSS
Exploits2References2
Prion
Prion
added 2023/01/26 9:15 p.m.27 views

Design/Logic Flaw

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

5CVSS7.4AI score0.01725EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/25 5:0 a.m.4 views

CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

5.3CVSS7.1AI score0.01725EPSS
Exploits2References2
CVE
CVE
added 2023/01/25 5:0 a.m.371 views

CVE-2022-25927

CVE-2022-25927 affects ua-parser-js with a Regular Expression Denial of Service (ReDoS) through the trim() function. Affected versions are: ua-parser-js 0.7.30 and earlier than 0.7.33, and ua-parser-js 0.8.1 and earlier than 1.0.33. The vulnerability arises from the trim() path and could lead to ...

7.5CVSS7.3AI score0.01725EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/01/25 5:0 a.m.33 views

CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

5.3CVSS7.6AI score0.01725EPSS
Exploits2References2
OSV
OSV
added 2023/01/25 5:0 a.m.33 views

CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...

5.3CVSS7.4AI score0.01725EPSS
Exploits2References4
Veracode
Veracode
added 2023/01/25 3:43 a.m.56 views

Regular Expression Denial Of Service (ReDoS)

ua-parser-js is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string...

7.5CVSS7.3AI score0.01725EPSS
Exploits2References2Affected Software2
OSV
OSV
added 2023/01/24 3:36 p.m.4 views

GHSA-FHG7-M89Q-25R3 ReDoS Vulnerability in ua-parser-js version

Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...

7.5CVSS7AI score0.01725EPSS
Exploits2References5
vulnersOsv
vulnersOsv
added 2023/01/24 3:36 p.m.5 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)

ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: OSV:GHSA-FHG7-M89Q-25R3...

7.5CVSS6.7AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2023/01/24 3:36 p.m.4 views

@ahm-monash/public-test (=1.0.0), @alotool/bl-pack (=0.0.1) +156 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.8.1 <=1.0.32)

ua-parser-js NPM version =0.8.1, =1.2.398, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.26.0 and more Source cves: CVE-2022-25927 Source advisory: OSV:GHSA-FHG7-M89Q-25R3...

7.5CVSS6.6AI score0.01725EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2023/01/24 3:36 p.m.194 views

ReDoS Vulnerability in ua-parser-js version

Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...

7.5CVSS7.9AI score0.01725EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.4 views

PT-2023-12838 · Unknown +1 · Ua-Parser-Js +1

Name of the Vulnerable Software and Affected Versions: ua-parser-js versions 0.7.30 through 0.7.32 ua-parser-js versions 0.8.1 through 1.0.32 Description: A regular expression denial of service ReDoS issue has been discovered in ua-parser-js, allowing an attacker to craft a long user-agent string...

7.5CVSS8.7AI score0.01725EPSS
Exploits2References16
vulnersOsv
vulnersOsv
added 2023/01/23 1:10 p.m.4 views

@ahm-monash/public-test (=1.0.0), @alotool/bl-pack (=0.0.1) +156 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.8.1 <=1.0.32)

ua-parser-js NPM version =0.8.1, =1.2.398, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.25.0, =0.26.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...

7.5CVSS6.6AI score0.01725EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2023/01/23 1:10 p.m.5 views

@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)

ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: SNYK:JS-UAPARSERJS-3244450...

7.5CVSS6.7AI score0.01725EPSS
Exploits2
OSV
OSV
added 2022/05/25 12:0 a.m.4 views

GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...

8.8CVSS5.4AI score0.01314EPSS
Exploits0References4
Rows per page
Query Builder