Ua-parser-js Project

Ua-parser-js

5 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-25927

Exploit
  • EPSS 1.37%
  • Published 26.01.2023 21:15:32
  • Last modified 01.04.2025 19:15:41

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

8.8

CVE-2021-4229

  • EPSS 0.82%
  • Published 24.05.2022 16:15:07
  • Last modified 21.11.2024 06:37:11

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is...

7.5

CVE-2021-27292

Exploit
  • EPSS 0.39%
  • Published 17.03.2021 13:15:15
  • Last modified 21.11.2024 05:57:45

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

7.5

CVE-2020-7793

Exploit
  • EPSS 3.24%
  • Published 11.12.2020 14:15:11
  • Last modified 21.11.2024 05:37:48

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

7.5

CVE-2020-7733

Exploit
  • EPSS 1.19%
  • Published 16.09.2020 14:15:15
  • Last modified 21.11.2024 05:37:41

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.