CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27292

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-27292

Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.14

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.14
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.15

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.15
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.16

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.16
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.17

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.17
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.18

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.18
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.19

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.19
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.20

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.20
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.21

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.21
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.22

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.22
Ua-Parser-Js Project » Ua-Parser-Js » Version: 0.7.23

cpe:2.3:a:ua-parser-js_project:ua-parser-js:0.7.23

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27292

Products

Pricing

Contact Us