Описание
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 0.7.31+ds+~0.7.36-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 0.7.31+ds+~0.7.36-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression whi ...
Regular Expression Denial of Service (ReDoS) in ua-parser-js
Уязвимость библиотеки ua-parser-js прикладного программного обеспечения Аврора Центр, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3