Lucene search
K
Ua-parser-js ProjectUa-parser-js

5 matches found

CVE
CVE
added 2023/01/25 5:0 a.m.367 views

CVE-2022-25927

CVE-2022-25927 affects ua-parser-js with a Regular Expression Denial of Service (ReDoS) through the trim() function. Affected versions are: ua-parser-js 0.7.30 and earlier than 0.7.33, and ua-parser-js 0.8.1 and earlier than 1.0.33. The vulnerability arises from the trim() path and could lead to ...

7.5CVSS7.3AI score0.01725EPSS
CVE
CVE
added 2021/03/17 12:34 p.m.274 views

CVE-2021-27292

CVE-2021-27292 affects ua-parser-js. Vulnerable in versions >=0.7.14 up to before 0.7.24 due to a regex-based Denial of Service in user-agent parsing. Fixed in 0.7.24. Impact is DoS if an attacker sends a crafted User-Agent header; no exploitation details beyond that are provided. Remediation:...

7.5CVSS7.2AI score0.03366EPSS
CVE
CVE
added 2020/09/16 2:10 p.m.168 views

CVE-2020-7733

CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...

7.5CVSS7.5AI score0.04483EPSS
CVE
CVE
added 2020/12/11 1:25 p.m.116 views

CVE-2020-7793

CVE-2020-7793 affects the UAParser.js package (versions before 0.7.23). The vulnerability is a Regular Expression Denial of Service (ReDoS) across multiple regexes. Connected sources explicitly identify UAParser.js (pre-0.7.23) as vulnerable and reference the ReDoS condition; one source notes a f...

7.5CVSS7.5AI score0.03878EPSS
CVE
CVE
added 2022/05/24 3:30 p.m.74 views

CVE-2021-4229

CVE-2021-4229 affects ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0, with a reported critical issue involving a crypto mining backdoor in the component. The identified fix is to upgrade to 0.7.30, 0.8.1, or 1.0.1. Connected documents provide this concrete detail about affected versions and remed...

8.8CVSS6.7AI score0.01314EPSS