Ua-Parser-Js Project: >> Ua-Parser-Js >> 1.0.0 Security Vulnerabilities
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
CVSS Score
5.3
EPSS Score
0.014
Published
2023-01-26
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
5.0
EPSS Score
0.006
Published
2022-05-24