All vulnerabilities
CVE-2021-27292
Regular Expression Denial of Service (ReDoS) in ua-parser-js
Description
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
Severity
Ecosystem
JavaScript
Publish Date
May 6, 2021
Modified Date
November 7, 2023
Score Vector
Affected Versions
