faisalman/ua-parser-js

GitHub

github.com

uaparser.dev

Releases124

Frequency1 month 1 week

Last Release 14 days ago

Stars10.1K

UAParser.js - The Essential Web Development Tool for User-Agent Detection. Detect Browsers, OS, Devices, Bots, Apps, AI Crawlers, and more. Run in Browser (client-side) or Node.js (server-side).

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25927 ↗	Jan 26, 2023Thursday, 26 January 2023, 21:15	5.3 MEDIUM	—
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
CVE-2021-4229 ↗	May 24, 2022Tuesday, 24 May 2022, 16:15	5 MEDIUM	7.6 HIGH
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2021-27292 ↗	Mar 17, 2021Wednesday, 17 March 2021, 13:15	7.5 HIGH	5 MEDIUM
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
CVE-2020-7793 ↗	Dec 11, 2020Friday, 11 December 2020, 14:15	7.5 HIGH	5 MEDIUM
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-7733 ↗	Sep 16, 2020Wednesday, 16 September 2020, 14:15	7.5 HIGH	5 MEDIUM
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.