3 matches found
EUVD-2018-0302
Malware in sbrugna...
3dtoolkit-signal (>=1.1.0 <=2.1.0), 6to5 (>=3.0.16 <=3.6.5) +3741 more potentially affected by CVE-2020-26311 via useragent (>=0.1.2 <=2.3.0)
useragent NPM version =0.1.2, =1.1.0, =3.0.16, =0.0.1, =3.0.16, =0.0.1, =4.0.0, =0.0.15, =8.25.29, =0.2.0-alpha.1, =3.0.1, =1.0.54, =4.0.0, =5.0.13 - @adora-wallet/adoracore-build =8.25.10 and more Source cves: CVE-2020-26311 Source advisory: OSV:GHSA-MGFV-M47X-4WQP...
GHSA-MGFV-M47X-4WQP useragent Regular Expression Denial of Service vulnerability
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service ReDoS. PoC js async function exploit const useragent = require"useragent"; // Create a malicious user-agent that...