RSS   Podatności dla 'Ua-parser-js'   RSS

2021-03-17
 
CVE-2021-27292

NVD-CWE-Other
 

 
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

 
2020-12-11
 
CVE-2020-7793

CWE-400
 

 
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

 
2020-09-16
 
CVE-2020-7733

CWE-917
 

 
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

 


Copyright 2024, cxsecurity.com

 

Back to Top