CVE-2022-25927

2023-01-2505:00:00

snyk

www.cve.org

ua-parser-js package

regular expression denial of service

redos

trim() function

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

EPSS

0.001

Percentile

38.4%

JSON

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

CNA Affected

[
  {
    "product": "ua-parser-js",
    "versions": [
      {
        "version": "0.7.30",
        "lessThan": "0.7.33",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "0.8.1",
        "lessThan": "1.0.33",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "vendor": "n/a"
  }
]