PT-2022-11584 · Unknown · Ua-Parser-Js

Superoleg39

Published

2021-10-22

Updated

2022-06-06

CVE-2021-4229

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ua-parser-js versions 0.7.29 through 1.0.0

Description A critical issue affects the crypto mining component, introducing a backdoor. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions 0.7.29, upgrade to version 0.7.30. For version 0.8.0, upgrade to version 0.8.1. For version 1.0.0, upgrade to version 1.0.1.

Fix

Hidden Functionality

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829CWE-912

Related Identifiers

CVE-2021-4229

GHSA-236C-VHJ4-GFXG

GHSA-PJWM-RVH2-C87W

Affected Products

Ua-Parser-Js

PT-2022-11584 · Unknown · Ua-Parser-Js

CVE-2021-4229

Weakness Enumeration

Related Identifiers

Affected Products

References · 12