UAParser.js Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25927)

Description

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Remediation

References

CVE-2022-25927

Related Vulnerabilities

WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress Insecure Direct Object Reference (1.0.30)

WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.5.1)

WordPress Plugin Flamingo CSV Injection (2.1)

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (4.6.0)

Severity

High

Classification

CVE-2022-25927 CWE-1333 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H