5 matches found
CVE-2022-25927
CVE-2022-25927 affects ua-parser-js with a Regular Expression Denial of Service (ReDoS) through the trim() function. Affected versions are: ua-parser-js 0.7.30 and earlier than 0.7.33, and ua-parser-js 0.8.1 and earlier than 1.0.33. The vulnerability arises from the trim() path and could lead to ...
CVE-2021-27292
CVE-2021-27292 affects ua-parser-js. Vulnerable in versions >=0.7.14 up to before 0.7.24 due to a regex-based Denial of Service in user-agent parsing. Fixed in 0.7.24. Impact is DoS if an attacker sends a crafted User-Agent header; no exploitation details beyond that are provided. Remediation:...
CVE-2020-7733
CVE-2020-7733 affects ua-parser-js prior to 0.7.22, where the Redmi/Mi UA regex can cause a Regular Expression Denial of Service (ReDoS). This may allow a crafted request to trigger a DoS on affected environments. Remediation: upgrade ua-parser-js to 0.7.22 or newer (as per description). If any d...
CVE-2020-7793
CVE-2020-7793 affects the UAParser.js package (versions before 0.7.23). The vulnerability is a Regular Expression Denial of Service (ReDoS) across multiple regexes. Connected sources explicitly identify UAParser.js (pre-0.7.23) as vulnerable and reference the ReDoS condition; one source notes a f...
CVE-2021-4229
CVE-2021-4229 affects ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0, with a reported critical issue involving a crypto mining backdoor in the component. The identified fix is to upgrade to 0.7.30, 0.8.1, or 1.0.1. Connected documents provide this concrete detail about affected versions and remed...