Ua Parser Jsproject Ua Parser Js
By the Year
In 2024 there have been 0 vulnerabilities in Ua Parser Jsproject Ua Parser Js . Last year Ua Parser Js had 1 security vulnerability published. Right now, Ua Parser Js is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.50 |
2022 | 1 | 8.80 |
2021 | 1 | 7.50 |
2020 | 2 | 7.50 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Ua Parser Js vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ua Parser Jsproject Ua Parser Js Security Vulnerabilities
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS)
CVE-2022-25927
7.5 - High
- January 26, 2023
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
ReDoS
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0
CVE-2021-4229
8.8 - High
- May 24, 2022
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
Inclusion of Functionality from Untrusted Control Sphere
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service
CVE-2021-27292
7.5 - High
- March 17, 2021
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-7793
7.5 - High
- December 11, 2020
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS)
CVE-2020-7733
7.5 - High
- September 16, 2020
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Resource Exhaustion
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Communications Cloud Native Core Network Function Cloud Native Environment or by Ua Parser Jsproject? Click the Watch button to subscribe.