CVE-2020-7793
published 2020-12-11CVE-2020-7793: The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | node-ua-parser-js | < node-ua-parser-js 0.7.23+ds-1 (bookworm) | node-ua-parser-js 0.7.23+ds-1 (bookworm) |
| siemens | sinec_ins | < 1.0 | 1.0 |
| siemens | sinec_ins | — | — |
| ua-parser-js_project | ua-parser-js | < 0.7.23 | 0.7.23 |
| ua-parser-js_project | ua-parser-js | >= 0 < 0.7.23 | 0.7.23 |
| ua-parser-js_project | ua-parser-js | >= unspecified < 0.7.23 | 0.7.23 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH