7.5
CVE-2020-7733
- EPSS 4.48%
- Veröffentlicht 16.09.2020 14:15:15
- Zuletzt bearbeitet 21.11.2024 05:37:41
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Regular Expression Denial of Service (ReDoS)
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ua-parser-js Project ≫ Ua-parser-js SwPlatformnode.js Version < 0.7.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.48% | 0.902 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| report@snyk.io | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://www.oracle.com//security-alerts/cpujul2021.html
https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665
https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226