CVE-2022-25927

Name of the Vulnerable Software and Affected Versions ua-parser-js versions 0.7.30 through 0.7.32 ua-parser-js versions 0.8.1 through 1.0.32

Description A regular expression denial of service (ReDoS) issue has been discovered in ua-parser-js, allowing an attacker to craft a long user-agent string with a specific pattern, causing the script to get stuck processing for a long time and resulting in a denial of service (DoS) condition. This vulnerability bypasses the library's MAX LENGTH input limit prevention.

Recommendations For ua-parser-js versions 0.7.30 through 0.7.32, update to version 0.7.33 or later. For ua-parser-js versions 0.8.1 through 1.0.32, update to version 1.0.33 or later. As a temporary workaround, consider restricting the input to the trim() function to prevent exploitation until a patch is applied.