Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4N20tajcyOC1tancz

Moderate EPSS: 0.01024% (0.76349 Percentile) EPSS:
Permalink JSON

uap-core Regular Expression Denial of Service issue

Affected Packages Affected Versions Fixed Versions
npm:uap-core
PURL: pkg:npm/uap-core
< 0.6.0 0.6.0
5 Dependent packages
28 Dependent repositories
12,857 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.6.9, 0.6.11, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0, 0.15.0, 0.16.0, 0.18.0

An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)

References:

Identifiers

GHSA-fx7m-j728-mjw3

CVE-2018-20164

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.01024

EPSS Percentile: 0.76349

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/ua-parser/uap-core

Date and time

Published

over 6 years ago

Updated

over 2 years ago

API

JSON