Description

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

Remediation

References

CVE-2021-27292

Related Vulnerabilities

Dotclear Improper Access Control Vulnerability (CVE-2015-8832)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.5.7)

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

Plone CMS CVE-2024-23756 Vulnerability (CVE-2024-23756)

Oracle Application Server CVE-2008-0346 Vulnerability (CVE-2008-0346)

Severity

High

Classification

CVE-2021-27292 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities