Ua-parser-js Security Vulnerabilities and Issues — Ua-parser-js CVE List

Lucene search

Ua-parser-js ProjectUa-parser-js

5 matches found

CVE•added 2023/01/26 9:15 p.m.•244 views

CVE-2022-25927

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

7.5CVSS7.3AI score0.0141EPSS

CVE•added 2021/03/17 1:15 p.m.•226 views

CVE-2021-27292

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

7.5CVSS7.2AI score0.00356EPSS

CVE•added 2020/09/16 2:15 p.m.•117 views

CVE-2020-7733

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

7.5CVSS7.5AI score0.02255EPSS

CVE•added 2020/12/11 2:15 p.m.•98 views

CVE-2020-7793

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

7.5CVSS7.5AI score0.03568EPSS

CVE•added 2022/05/24 4:15 p.m.•57 views

CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

8.8CVSS6.7AI score0.00819EPSS