Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
Typedeb
Namespacedebian
Namenode-ua-parser-js
Version0.7.24+ds-1
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.8.1+ds+~0.7.36-3
Latest_non_vulnerable_version0.8.1+ds+~0.7.36-3
Affected_by_vulnerabilities
0
url VCID-5rba-b2bd-nfgv
vulnerability_id VCID-5rba-b2bd-nfgv
summary 
ReDoS Vulnerability in ua-parser-js version
### Description:
A regular expression denial of service (ReDoS) vulnerability has been discovered in `ua-parser-js`.

### Impact:
This vulnerability bypass the library's `MAX_LENGTH` input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to get stuck processing for a very long time which results in a denial of service (DoS) condition.

### Affected Versions:
From version `0.7.30` to before versions `0.7.33` / `1.0.33`.

### Patches:
A patch has been released to remove the vulnerable regular expression, update to version `0.7.33` / `1.0.33` or later.

### References:
[Regular expression Denial of Service - ReDoS](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)

### Credits:
Thanks to @Snyk who first reported the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25927.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25927.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25927
reference_id
reference_type
scores
0
value 0.01453
scoring_system epss
scoring_elements 0.81145
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25927
2
reference_url https://github.com/faisalman/ua-parser-js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js
3
reference_url https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
4
reference_url https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2165020
reference_id 2165020
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2165020
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25927
reference_id CVE-2022-25927
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25927
7
reference_url https://github.com/advisories/GHSA-fhg7-m89q-25r3
reference_id GHSA-fhg7-m89q-25r3
reference_type
scores
url https://github.com/advisories/GHSA-fhg7-m89q-25r3
8
reference_url https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
reference_id GHSA-fhg7-m89q-25r3
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
9
reference_url https://access.redhat.com/errata/RHSA-2023:1428
reference_id RHSA-2023:1428
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1428
fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
aliases CVE-2022-25927, GHSA-fhg7-m89q-25r3, GMS-2023-120
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rba-b2bd-nfgv
Fixing_vulnerabilities
0
url VCID-77em-63g3-vfbq
vulnerability_id VCID-77em-63g3-vfbq
summary 
Uncontrolled Resource Consumption
The package ua-parser-js is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7793.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7793.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7793
reference_id
reference_type
scores
0
value 0.02644
scoring_system epss
scoring_elements 0.86011
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7793
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18
4
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388
5
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387
6
reference_url https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1907451
reference_id 1907451
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1907451
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7793
reference_id CVE-2020-7793
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7793
fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0.7.23%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.23%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.23%252Bds-1%3Fdistro=trixie
1
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rba-b2bd-nfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie
2
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
aliases CVE-2020-7793, GHSA-394c-5j6w-4xmx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-77em-63g3-vfbq
1
url VCID-83tu-71pk-yyge
vulnerability_id VCID-83tu-71pk-yyge
summary 
Expression Language Injection
The package ua-parser-js is vulnerable to Regular Expression Denial of Service (ReDoS).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7733.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7733.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7733
reference_id
reference_type
scores
0
value 0.01196
scoring_system epss
scoring_elements 0.79215
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7733
2
reference_url https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
3
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666
4
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665
5
reference_url https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
6
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1879733
reference_id 1879733
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1879733
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7733
reference_id CVE-2020-7733
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7733
9
reference_url https://access.redhat.com/errata/RHSA-2021:2865
reference_id RHSA-2021:2865
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2865
10
reference_url https://access.redhat.com/errata/RHSA-2021:4626
reference_id RHSA-2021:4626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4626
fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0%3Fdistro=trixie
1
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rba-b2bd-nfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie
2
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
aliases CVE-2020-7733, GHSA-662x-fhqg-9p8v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83tu-71pk-yyge
2
url VCID-hahp-uba6-2qcv
vulnerability_id VCID-hahp-uba6-2qcv
summary 
Uncontrolled Resource Consumption
ua-parser-js uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious `````User-Agent````` header, ua-parser-js will get stuck processing it for an extended period of time.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27292
reference_id
reference_type
scores
0
value 0.01439
scoring_system epss
scoring_elements 0.81056
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27292
2
reference_url https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
3
reference_url https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
4
reference_url https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1940613
reference_id 1940613
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1940613
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568
reference_id 985568
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985568
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27292
reference_id CVE-2021-27292
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27292
8
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
9
reference_url https://access.redhat.com/errata/RHSA-2021:3024
reference_id RHSA-2021:3024
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3024
10
reference_url https://access.redhat.com/errata/RHSA-2022:0226
reference_id RHSA-2022:0226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0226
11
reference_url https://access.redhat.com/errata/RHSA-2022:0227
reference_id RHSA-2022:0227
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0227
12
reference_url https://access.redhat.com/errata/RHSA-2022:0230
reference_id RHSA-2022:0230
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0230
fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rba-b2bd-nfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie
1
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
aliases CVE-2021-27292, GHSA-78cj-fxph-m83p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hahp-uba6-2qcv
3
url VCID-uqy7-83dp-37gd
vulnerability_id VCID-uqy7-83dp-37gd
summary 
Embedded malware in ua-parser-js
The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4229
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.75439
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4229
1
reference_url https://github.com/faisalman/ua-parser-js
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js
2
reference_url https://github.com/faisalman/ua-parser-js/issues/536
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/issues/536
3
reference_url https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/faisalman/ua-parser-js/issues/536#issuecomment-949772496
4
reference_url https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
reference_id
reference_type
scores
url https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
5
reference_url https://www.npmjs.com/package/ua-parser-js
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/ua-parser-js
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4229
reference_id CVE-2021-4229
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-4229
7
reference_url https://github.com/advisories/GHSA-pjwm-rvh2-c87w
reference_id GHSA-pjwm-rvh2-c87w
reference_type
scores
url https://github.com/advisories/GHSA-pjwm-rvh2-c87w
fixed_packages
0
url pkg:deb/debian/node-ua-parser-js@0?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0%3Fdistro=trixie
1
url pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.7.24%2Bds-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5rba-b2bd-nfgv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie
2
url pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
purl pkg:deb/debian/node-ua-parser-js@0.8.1%2Bds%2B~0.7.36-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.8.1%252Bds%252B~0.7.36-3%3Fdistro=trixie
aliases CVE-2021-4229, GHSA-pjwm-rvh2-c87w, GMS-2021-1
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqy7-83dp-37gd
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/node-ua-parser-js@0.7.24%252Bds-1%3Fdistro=trixie