7.5

CVE-2022-25927

Medienbericht
Exploit
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ua-parser-js ProjectUa-parser-js SwPlatformnode.js Version >= 0.7.30 < 0.7.33
Ua-parser-js ProjectUa-parser-js SwPlatformnode.js Version >= 0.8.1 < 1.0.33
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.73% 0.746
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
report@snyk.io 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
23.03.2026 11:37
https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
Third Party Advisory
Exploit