CVE-2022-25927

Summary

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Affected Software

VendorProductVersion RangeStatus
n/aua-parser-js0.7.30 < 0.7.33affected
n/aua-parser-js0.8.1 < 1.0.33affected

Weaknesses

  • CWE-1333: Regular Expression Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References