CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
|
1Ua Parser Js Project 1Ua Parser Js Nov 21, 2024 May 24, 2022 N/A· v4 8.8 HIGH· v3 7.6 HIGH· v2 A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is abl...Show more |
1Ua Parser Js Project 1Ua Parser Js Nov 21, 2024 Mar 17, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended p...Show more |
2Siemens Ua Parser Js Project2Sinec Ins Ua Parser JsNov 21, 2024 Dec 11, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). |
2Oracle Ua Parser Js Project2Communications Cloud Native Core Network Function Cloud Native Environment Ua Parser JsNov 21, 2024 Sep 16, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. |