CVE-2021-27292

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

References

Affected packages

Git / github.com/faisalman/ua-parser-js

Affected ranges

Type: GIT
Repo: https://github.com/faisalman/ua-parser-js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

809439e20e273ce0d25c1d04e111dcf6011eb566

Introduced

7ae3098778572742544385938a2726c4efa01a02

Fixed

809439e20e273ce0d25c1d04e111dcf6011eb566

Affected versions

0.*

0.7.14

0.7.15

0.7.16

0.7.17

0.7.18

0.7.19

0.7.20

0.7.21

0.7.22

0.7.23

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27292.json"

Git / github.com/pygments/pygments

Affected ranges

Type: GIT
Repo: https://github.com/pygments/pygments
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2e7e8c4a7b318f4032493773732754e418279a14

Affected versions

0.*

0.10

0.11

0.11.1

0.5

0.5.1

0.6

0.7

0.7.1

0.8

0.8.1

0.9

1.*

1.0

1.1

1.1.1

1.2

1.2.1

1.2.2

1.3

1.3.1

1.4

1.5

1.6

1.6rc1

2.*

2.0

2.0.1

2.0.2

2.0rc1

2.1

2.1.1

2.1.2

2.1.3

2.2.0

2.3.0

2.3.1

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.7.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27292.json"