CVE-2020-7733

Published: Sep 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

Affected (2)

Products: Ua Parser Js Project: Ua Parser Js · Oracle: Communications Cloud Native Core Network Function Cloud Native Environment

Ua Parser Js Project

1 product

Ua Parser Js

Oracle

1 product

Communications Cloud Native Core Network Function Cloud Native Environment

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ua Parser Js Project Ua Parser Js	Before 0.7.22

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Network Function Cloud Native Environment	Version 1.7.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d

Source: report@snyk.io

PatchThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226

Source: report@snyk.io

ExploitThird Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: report@snyk.io

Third Party Advisory

https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d