127 matches found
Regular Expression Denial Of Service (ReDoS)
ua-parser is vulnerable to regular expression denial of service ReDoS. A malicious user can pass a string through the User-Agent header to cause a ReDoS...
CVE-2017-16086
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...
Design/Logic Flaw
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...
CVE-2017-16086
CVE-2017-16086 affects the ua-parser-js module (ua-parser) and can be triggered by a specially crafted User-Agent header, causing a Regular Expression Denial of Service (ReDoS). The vulnerability is documented with a CVSS v3.0 base score of 7.5 (HIGH) and visible in NVD; a prior v2.0 score is 5.0...
CVE-2017-16086
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service ReDoS attacks. An attacker can pass a string value to the getOS function to cause a ReDoS...
ReDoS via long UserAgent header
Overview Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...