Faisal Salman

3 exploits Active since Sep 2020
CVE-2020-7733 WRITEUP HIGH WRITEUP
ua-parser-js < 0.7.22 - Regular Expression Denial of Service via Redmi and Mi Pad User-Agent Parsing
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVSS 7.5
CVE-2020-7793 WRITEUP HIGH WRITEUP
ua-parser-js < 0.7.23 - Regular Expression Denial of Service
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVSS 7.5
CVE-2021-27292 WRITEUP HIGH WRITEUP
ua-parser-js 0.7.14-0.7.23 - Denial of Service via Malicious User-Agent Header
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
CVSS 7.5