Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-j1g9-gab7-cbch
Summary
Regular Expression Denial of Service (ReDoS) in ua-parser-js
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
Aliases
0
alias CVE-2021-27292
1
alias GHSA-78cj-fxph-m83p
Fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzj3-ddrr-u7hd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie
1
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzj3-ddrr-u7hd
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1
2
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
3
url pkg:npm/ua-parser-js@0.7.24
purl pkg:npm/ua-parser-js@0.7.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.24
Affected_packages
0
url pkg:deb/debian/node-ua-parser-js@0.7.14-1
purl pkg:deb/debian/node-ua-parser-js@0.7.14-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.14-1
1
url pkg:npm/ua-parser-js@0.7.14
purl pkg:npm/ua-parser-js@0.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.14
2
url pkg:npm/ua-parser-js@0.7.15
purl pkg:npm/ua-parser-js@0.7.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.15
3
url pkg:npm/ua-parser-js@0.7.16
purl pkg:npm/ua-parser-js@0.7.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.16
4
url pkg:npm/ua-parser-js@0.7.17
purl pkg:npm/ua-parser-js@0.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.17
5
url pkg:npm/ua-parser-js@0.7.18
purl pkg:npm/ua-parser-js@0.7.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.18
6
url pkg:npm/ua-parser-js@0.7.19
purl pkg:npm/ua-parser-js@0.7.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.19
7
url pkg:npm/ua-parser-js@0.7.20
purl pkg:npm/ua-parser-js@0.7.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.20
8
url pkg:npm/ua-parser-js@0.7.21
purl pkg:npm/ua-parser-js@0.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
2
vulnerability VCID-q32y-yvrx-wkby
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.21
9
url pkg:npm/ua-parser-js@0.7.22
purl pkg:npm/ua-parser-js@0.7.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6c98-q4en-3uek
1
vulnerability VCID-j1g9-gab7-cbch
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.22
10
url pkg:npm/ua-parser-js@0.7.23
purl pkg:npm/ua-parser-js@0.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j1g9-gab7-cbch
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ua-parser-js@0.7.23
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27292
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50132
published_at 2026-04-21T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50158
published_at 2026-04-18T12:55:00Z
2
value 0.00266
scoring_system epss
scoring_elements 0.50114
published_at 2026-04-13T12:55:00Z
3
value 0.00266
scoring_system epss
scoring_elements 0.50117
published_at 2026-04-12T12:55:00Z
4
value 0.00266
scoring_system epss
scoring_elements 0.50144
published_at 2026-04-11T12:55:00Z
5
value 0.00266
scoring_system epss
scoring_elements 0.50133
published_at 2026-04-08T12:55:00Z
6
value 0.00266
scoring_system epss
scoring_elements 0.50129
published_at 2026-04-04T12:55:00Z
7
value 0.00266
scoring_system epss
scoring_elements 0.50079
published_at 2026-04-07T12:55:00Z
8
value 0.00266
scoring_system epss
scoring_elements 0.50066
published_at 2026-04-01T12:55:00Z
9
value 0.00266
scoring_system epss
scoring_elements 0.50126
published_at 2026-04-09T12:55:00Z
10
value 0.00266
scoring_system epss
scoring_elements 0.50101
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292
3
reference_url https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
4
reference_url https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
5
reference_url https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27292
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27292
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1940613
reference_id 1940613
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1940613
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568
reference_id 985568
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568
9
reference_url https://github.com/advisories/GHSA-78cj-fxph-m83p
reference_id GHSA-78cj-fxph-m83p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78cj-fxph-m83p
10
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
11
reference_url https://access.redhat.com/errata/RHSA-2021:3024
reference_id RHSA-2021:3024
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3024
12
reference_url https://access.redhat.com/errata/RHSA-2022:0226
reference_id RHSA-2022:0226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0226
13
reference_url https://access.redhat.com/errata/RHSA-2022:0227
reference_id RHSA-2022:0227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0227
14
reference_url https://access.redhat.com/errata/RHSA-2022:0230
reference_id RHSA-2022:0230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0230
Weaknesses
0
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j1g9-gab7-cbch