127 matches found
nodejs-ua-parser-js: Regular expression denial of service via the regex
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
NPM Library (ua-parser-js) Hijacked: What You Need to Know
Last Update: October 27, 2021 For approximately 4 hours on Friday, October 22, 2021, a widely utilized NPM package, ua-parser-js, was embedded with a malicious script intended to install a coinminer and harvest user/credential information. This package is used “to detect Browser, Engine, OS, CPU,...
Malicious Package
ua-parser-js is a malicious package. The package includes ceprolad.a which is a trojan malware script that executes .exe files. Any computer that has associated with this package should be considered fully compromised...
Embedded malware in ua-parser-js
The npm package ua-parser-js had three versions published with malicious code. Users of affected versions 0.7.29, 0.8.0, 1.0.0 should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold. Any computer that has this package installe...
GHSA-PJWM-RVH2-C87W Embedded malware in ua-parser-js
The npm package ua-parser-js had three versions published with malicious code. Users of affected versions 0.7.29, 0.8.0, 1.0.0 should upgrade as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold. Any computer that has this package installe...
boomcatch (>=1.7.1 <=2.0.2), built.io (>=2.0.37 <=2.0.41) +2 more potentially affected by CVE-2021-4229 via ua-parser-js (=0.7.3)
ua-parser-js NPM version =0.7.3 is affected by a known vulnerability. The following packages have a transitive dependency on ua-parser-js and may be impacted: - boomcatch =1.7.1, =2.0.37, =2.0.37, =1.0.62, =1.0.72 Source cves: CVE-2021-4229 Source advisory: OSV:GHSA-PJWM-RVH2-C87W...
Malware Discovered in Popular NPM Package, ua-parser-js
Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a...
Inefficient Regular Expression Complexity in faisalman/ua-parser-js
Description Hello my dear I found another inefficient regular expression in ua-parser-js that have a Polynomial execution time not exponential but still dangerous. Proof of Concept I create two payloads that you can compare the execution times between them in Regexr provided links. payload 1...
nodejs-ua-parser-js: Regular expression denial of service via the regex
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
The vulnerability of the ua-parser-js library in the Avrora Application Software, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the ua-parser-js library in Avrora Application Software, related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the ua-parser-js library in the Avrora Application Software, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the ua-parser-js library in Avrora Application Software, related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Regular Expression Denial of Service in ua-parser-js
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +329 more potentially affected by CVE-2020-7733 via ua-parser-js (>=0.6.2 <=0.7.21)
ua-parser-js NPM version =0.6.2, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.0.0, =5.0.0, =2.6.6, =6.6.0, =3.0.1, =0.1.3, =0.3.8 - @chessboard/nwb =0.25.3-next.0 and more Source cves: CVE-2020-7733 Source advisory: OSV:GHSA-662X-FHQG-9P8V...
Regular Expression Denial of Service
Overview ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. Recommendation Upgrade to version 0.7.24 or later...
Regular Expression Denial of Service (ReDoS) in ua-parser-js
ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...
GHSA-78CJ-FXPH-M83P Regular Expression Denial of Service (ReDoS) in ua-parser-js
ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +271 more potentially affected by CVE-2021-27292 via ua-parser-js (>=0.7.14 <=0.7.23)
ua-parser-js NPM version =0.7.14, =1.4.0, =0.16.9, =2018.7.11-0, =2.0.1, =1.9.0, =1.9.0, =1.0.0, =5.0.0, =1.1.3, =2.6.6, =1.0.0, =6.6.0, =7.5.3 and more Source cves: CVE-2021-27292 Source advisory: OSV:GHSA-78CJ-FXPH-M83P...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to regular expression denial of service. An attacker is able to exploit the vulnerability by sending a malicious User-Agent header under the device type causing the system to process the header for an extended period of time...
CVE-2021-27292
ua-parser-js = 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time...