Regular Expression Denial of Service in ua-parser-js
High severity
GitHub Reviewed
Published
May 7, 2021
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Sep 16, 2020
Reviewed
May 3, 2021
Published to the GitHub Advisory Database
May 7, 2021
Last updated
Jan 31, 2023
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
References