本ページは ua-parser-js_project ua-parser-js に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-25927 | Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. | [email protected] | 5.3 | 1.49% | 2023-01-26 | 2025-04-01 |
| CVE-2021-4229 | A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. | [email protected] | 5.0 | 0.86% | 2022-05-24 | 2024-11-21 |
| CVE-2021-27292 | ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. | [email protected] | 7.5 | 1.44% | 2021-03-17 | 2024-11-21 |
| CVE-2020-7793 | The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | [email protected] | 7.5 | 2.64% | 2020-12-11 | 2024-11-21 |
| CVE-2020-7733 | The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | [email protected] | 7.5 | 1.20% | 2020-09-16 | 2024-11-21 |