CVE-2021-4229

MEDIUM

ua-parser-js <1.0.0 - RCE

Title source: llm

Description

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

References (3)

[Third Party Advisory] https://github.com/advisories/GHSA-pjwm-rvh2-c87w

[Issue Tracking, Patch, Third Party Advisory] https://github.com/faisalman/ua-parser-js/issues/536

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.185453

Scores

CVSS v3 5.0

EPSS 0.0086

EPSS Percentile 75.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-912 CWE-829

Status published

Products (4)

npm/ua-parser-js 0.7.29 - 0.7.30npm

ua-parser-js_project/ua-parser-js 0.7.29

ua-parser-js_project/ua-parser-js 0.8.0

ua-parser-js_project/ua-parser-js 1.0.0

Published May 24, 2022

Tracked Since Feb 18, 2026