ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-17T12:34:48

Updated: 2024-08-03T20:48:16.474Z

Reserved: 2021-02-16T00:00:00

Link: CVE-2021-27292

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-17T13:15:15.200

Modified: 2024-11-21T05:57:45.830

Link: CVE-2021-27292

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-02-11T00:00:00Z

Links: CVE-2021-27292 - Bugzilla