CVE-2021-27292

Name of the Vulnerable Software and Affected Versions ua-parser-js versions 0.7.14 through 0.7.23

Description The issue is related to an uncontrolled resource consumption vulnerability in the ua-parser-js library. It can be exploited by a remote attacker to cause a denial of service. The vulnerability arises from a regular expression that is vulnerable to denial of service attacks. If an attacker sends a malicious User-Agent header, the library will get stuck processing it for an extended period.

Recommendations For versions 0.7.14 through 0.7.23, update to version 0.7.24 to resolve the issue. As a temporary workaround, consider restricting access to the User-Agent header to minimize the risk of exploitation.