Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5NGMtNWo2dy00eG14

High EPSS: 0.02288% (0.84207 Percentile) EPSS:
Permalink JSON

ua-parser-js Regular Expression Denial of Service vulnerability

Affected Packages Affected Versions Fixed Versions
npm:ua-parser-js
PURL: pkg:npm/ua-parser-js
< 0.7.23 0.7.23
1,976 Dependent packages
1,003,902 Dependent repositories
73,303,715 Downloads last month

Affected Version Ranges

All affected versions

0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.3, 0.4.4, 0.4.6, 0.4.7, 0.4.13, 0.4.15, 0.5.1, 0.5.2, 0.5.3, 0.5.11, 0.5.12, 0.5.15, 0.5.20, 0.5.22, 0.5.23, 0.5.25, 0.5.27, 0.6.0, 0.6.2, 0.7.0, 0.7.1, 0.7.3, 0.7.4, 0.7.6, 0.7.7, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.21, 0.7.22

All unaffected versions

0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.30, 0.7.31, 0.7.32, 0.7.33, 0.7.34, 0.7.35, 0.7.36, 0.7.37, 0.7.38, 0.7.39, 0.7.40, 0.7.41, 0.8.1, 1.0.1, 1.0.2, 1.0.32, 1.0.33, 1.0.34, 1.0.35, 1.0.36, 1.0.37, 1.0.38, 1.0.39, 1.0.40, 1.0.41, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

References:

Identifiers

GHSA-394c-5j6w-4xmx

CVE-2020-7793

Risk

Severity

High

EPSS

EPSS Percentage: 0.02288

EPSS Percentile: 0.84207

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/faisalman/ua-parser-js

Date and time

Published

over 3 years ago

Updated

almost 3 years ago

API

JSON