Regular Expression Denial of Service in ua-parser-js

Severity:: High

Description

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

Recommendation

Update the ua-parser-js package to the latest compatible version. Followings are version details:

Affected version(s): < 0.7.22
Patched version(s): 0.7.22

References

GHSA-662x-fhqg-9p8v
snyk.io
www.oracle.com
CVE-2020-7733
CWE-400
CAPEC-310
OWASP 2021-A6

Related Issues

ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
Regular Expression Denial of Service (ReDoS) in ua-parser-js - CVE-2021-27292
useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; ua-parser-js

Anything's wrong? Let us know Last updated on January 31, 2023