Description
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)
WordPress Plugin NewStatPress Cross-Site Scripting (1.2.4)
WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2)
Drupal Core 9.1.x Multiple Security Bypass Vulnerabilities (9.1.0 - 9.1.12)
WordPress Plugin Memphis Documents Library Arbitrary File Download (3.1.5)