How severe is CVE-2022-25927?

CVE-2022-25927 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2022-25927

Name: ua-parser-js
Author: ua-parser-js_project

5.3MEDIUM

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

发布于: 1/26/2023更新于: 4/1/2025

描述

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

AI分析AI驱动

受影响产品

ua-parser-js_projectua-parser-js

参考资料

https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
ExploitThird Party Advisory
https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
PatchThird Party Advisory
https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
ExploitThird Party Advisory