CVE-2022-25927

Опубликовано: 26 янв. 2023

Источник: debian

Описание

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-ua-parser-js	fixed	0.8.1+ds+~0.7.36-3		package
node-ua-parser-js	no-dsa		bullseye	package
node-ua-parser-js	postponed		buster	package

Примечания

https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3

Связанные уязвимости

CVE-2022-25927

CVSS3: 5.3

ubuntu

около 3 лет назад

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

CVE-2022-25927

CVSS3: 7.5

redhat

около 3 лет назад

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

CVE-2022-25927

CVSS3: 5.3

nvd

около 3 лет назад

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

GHSA-fhg7-m89q-25r3

CVSS3: 7.5

github

около 3 лет назад

ReDoS Vulnerability in ua-parser-js version