Denial of Service Vulnerability in ua-parser-js <= 0.7.14

Denial of Service Vulnerability in ua-parser-js <= 0.7.14

CVE-2021-27292 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

Learn more about our User Device Pen Test.