Lucene search
Veracode Vulnerability DatabaseVERACODE:39002HistoryJan 25, 2023 - 3:43 a.m.
Regular Expression Denial Of Service (ReDoS)
2023-01-2503:43:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
34
ua-parser-js
redos vulnerability
insecure regex pattern
trim function
software
maliciously crafted string
EPSS
0.001
Percentile
38.4%
ua-parser-js is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability exists due to an insecure Regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string.
Related
cvelist
cvelist
CVE-2022-25927
2023-01-25 05:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-25927]
2023-03-03 15:05:05
redhatcve
redhatcve
CVE-2022-25927
2023-01-27 12:05:22
nvd
nvd
CVE-2022-25927
2023-01-26 21:15:32
osv
osv
ReDoS Vulnerability in ua-parser-js version
2023-01-24 15:36:32
CVE-2022-25927
2023-01-26 21:15:32
cve
cve
CVE-2022-25927
2023-01-26 21:15:32
debiancve
debiancve
CVE-2022-25927
2023-01-26 21:15:32
ubuntucve
ubuntucve
CVE-2022-25927
2023-01-26 00:00:00
prion
prion
Design/Logic Flaw
2023-01-26 21:15:00
github
github
ReDoS Vulnerability in ua-parser-js version
2023-01-24 15:36:32
redhat
redhat