Home > Vulnerability Database > WS-2021-0012

Mend.io Vulnerability Database

WS-2021-0012

Good to know:

Date: January 31, 2021

In uap-core before 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings.

Language: JS

Severity Score

8.3

Related Resources (2)

Url: https://github.com/ua-parser/uap-core/commit/dc9925d458214cfe87b93e35346980612f6ae96c

Url: https://www.mend.io/vulnerability-database/WS-2021-0012

Severity Score

8.3

Weakness Type (CWE)

Incorrect Regular Expression

CWE-185

Top Fix

Upgrade Version

Upgrade to version uaparser - no_fix;ua-parser - no_fix;uap-core - 0.11.0

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0012

Good to know:

Date: January 31, 2021

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?