ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
{ "cpe": "cpe:2.3:a:ua-parser-js_project:ua-parser-js:*:*:*:*:*:node.js:*:*", "extracted_events": [ { "introduced": "0.7.14" }, { "fixed": "0.7.24" } ], "source": [ "CPE_RANGE", "REFERENCES" ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27292.json"
{ "source": "REFERENCES" }