CVE-2020-7733

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ua-parser-js versions prior to 0.7.22

Description The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It may allow a remote attacker to cause a denial of service. The vulnerability is due to a Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

Recommendations For versions prior to 0.7.22, update to version 0.7.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable regex for Redmi Phones and Mi Pad Tablets UA until a patch is available.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2021-02864

CVE-2020-7733

GHSA-662X-FHQG-9P8V

RHSA-2021:2865

RHSA-2021:4626

SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666

SNYK-JAVA-ORGWEBJARSNPM-674665

SNYK-JS-UAPARSERJS-610226

Affected Products

Ua-Parser-Js

CVE-2020-7733

Weakness Enumeration

Related Identifiers

Affected Products

References · 12