ua-parser-js is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the str
attribute in the trim
function of ua-parser.js
, which allows an attacker to crash the application by providing a maliciously crafted string.