HIGH 7.5

GHSA-394c-5j6w-4xmx

ua-parser-js Regular Expression Denial of Service vulnerability

Details

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / ua-parser-js

Introduced in: 0 Fixed in: 0.7.23

Fix npm install ua-parser-js@0.7.23

References

https://nvd.nist.gov/vuln/detail/CVE-2020-7793 [ADVISORY]
https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 [WEB]
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf [WEB]
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388 [WEB]
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387 [WEB]
https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 [WEB]