14 matches found
EUVD-2024-3081
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-21317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some...
Linux Distros Unpatched Vulnerability : CVE-2020-7733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
CVE-2020-26311
A flaw was found in Useragent package, a user agent parser for Node.js. Affected versions of this package contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. Mitigation Mitigation for this issue is either not available or the currently...
Regular Expression Denial of Service (ReDoS)
Overview ua-parser-js is a lightweight JavaScript-based user-agent string parser. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the trim function. PoC js const UAParser = require'ua-parser-js'; const count = 200000; //delay starts to be...
ua-parser-js 安全漏洞
ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin, Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js versions...
ua-parser-js 安全漏洞
ua-parser-js is a JavaScript-based parser for User-Agent strings. It can be used in a browser client-side or node.js server-side environment. Can also be used as a jQuery / Zepto plugin , Bower / Meteor package and RequireJS / AMD module . A security vulnerability exists in ua-parser-js npm...
UBUNTU-CVE-2020-7733
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service ReDoS via the regex for Redmi Phones and Mi Pad Tablets UA...
@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +329 more potentially affected by CVE-2020-7733 via ua-parser-js (>=0.6.2 <=0.7.21)
ua-parser-js NPM version =0.6.2, =0.16.9, =2018.7.11-0, =2.0.1, =1.0.0, =2.0.0-beta.1, =1.0.0, =5.0.0, =2.6.6, =6.6.0, =3.0.1, =0.1.3, =0.3.8 - @chessboard/nwb =0.25.3-next.0 and more Source cves: CVE-2020-7733 Source advisory: SNYK:JS-UAPARSERJS-610226...
UA-Parser Denial of Service Vulnerability
UA-Parser is a multi-language port of the User Agent String Parser for BrowserScope. A denial of service vulnerability exists in UA-Parser 2015-05-14 and later versions. An attacker can exploit the vulnerability by sending a large number of requests quickly to cause a website to become unavailabl...
GHSA-PMG9-P9R2-6Q87 ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...
Useragent Denial of Service Vulnerability
Useragent is a user agent parser that parses user agent strings by matching browsers with specialized regular expressions. A security vulnerability exists in Useragent 2.1.12 and earlier versions, which stems from the program's use of regular expressions to parse user agent packet headers. The...
CVE-2017-16086
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...
Design/Logic Flaw
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS Regular Expression Denial of Service attack when given a specially crafted UserAgent header...