Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
References
Link | Resource |
---|---|
https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411 | Patch Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
Summary | Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. |
02 Feb 2023, 18:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1333 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:ua-parser-js_project:ua-parser-js:*:*:*:*:*:node.js:*:* | |
First Time |
Ua-parser-js Project ua-parser-js
Ua-parser-js Project |
|
References | (MISC) https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411 - Patch, Third Party Advisory |
26 Jan 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-25927
Mitre link : CVE-2022-25927
CVE.ORG link : CVE-2022-25927
JSON object : View
Products Affected
ua-parser-js_project
- ua-parser-js
CWE