← Back

CVE-2020-26311

nvd nist
Published: Oct 26, 2024Modified: Oct 30, 2024

JSON object

Loading...
8.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:GreenShow less
Source: security-advisories@github.com (Secondary)

Description

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available.

Affected (1)

Useragent Project
1 product
Useragent
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Useragent
All versions

Related CWEs

CWE-1333
Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (2)

Source: security-advisories@github.com
Issue Tracking
Source: security-advisories@github.com
ExploitThird Party Advisory

Timeline

No history available yet.