CVE-2021-4229

Published: May 24, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

Affected (3)

Products: Ua Parser Js Project: Ua Parser Js

Ua Parser Js Project

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ua Parser Js Project Ua Parser Js	Version 0.7.29
Ua Parser Js Project Ua Parser Js	Version 0.8.0
Ua Parser Js Project Ua Parser Js	Version 1.0.0

Related CWEs

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

References (6)

https://github.com/advisories/GHSA-pjwm-rvh2-c87w

Source: cna@vuldb.com

Third Party Advisory

https://github.com/faisalman/ua-parser-js/issues/536

Source: cna@vuldb.com

Issue TrackingPatchThird Party Advisory

https://vuldb.com/?id.185453

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://github.com/advisories/GHSA-pjwm-rvh2-c87w

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/faisalman/ua-parser-js/issues/536

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://vuldb.com/?id.185453

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.