7.5
CVE-2022-25927
- EPSS 1.73%
- Veröffentlicht 26.01.2023 21:15:32
- Zuletzt bearbeitet 01.04.2025 19:15:41
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ua-parser-js Project ≫ Ua-parser-js SwPlatformnode.js Version >= 0.7.30 < 0.7.33
Ua-parser-js Project ≫ Ua-parser-js SwPlatformnode.js Version >= 0.8.1 < 1.0.33
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.73% | 0.746 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| report@snyk.io | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-1333 Inefficient Regular Expression Complexity
The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450