You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable module: ua-parser-js
Introduced through: draft-js@0.11.7
Exploit maturity: No known exploit
Fixed in: 0.7.24
Detailed paths
Introduced through: fec-cms@1.0.0 › draft-js@0.11.7 › fbjs@2.0.0 › ua-parser-js@0.7.22
Remediation: Your dependencies are out of date, otherwise you would be using a newer ua-parser-js than ua-parser-js@0.7.22. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Overview
ua-parser-js is a lightweight JavaScript-based user-agent string parser.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Within src/ua-parser.js, the browser regex is vulnerable to exponential backtracking.
The text was updated successfully, but these errors were encountered:
johnnyporkchops
changed the title
[Snyk: Med] Regular Expression Denial of Service with ua-parser-js (due 4/18/21)
[Snyk: HIGH] Regular Expression Denial of Service with ua-parser-js (due 4/18/21)
Mar 30, 2021
johnnyporkchops
changed the title
[Snyk: HIGH] Regular Expression Denial of Service with ua-parser-js (due 4/18/21)
[Snyk: MED] Regular Expression Denial of Service with ua-parser-js (due 4/18/21)
Mar 30, 2021
Regular Expression Denial of Service (ReDoS)
Vulnerable module: ua-parser-js
Introduced through: draft-js@0.11.7
Exploit maturity: No known exploit
Fixed in: 0.7.24
Detailed paths
Introduced through: fec-cms@1.0.0 › draft-js@0.11.7 › fbjs@2.0.0 › ua-parser-js@0.7.22
Remediation: Your dependencies are out of date, otherwise you would be using a newer ua-parser-js than ua-parser-js@0.7.22. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Overview
ua-parser-js is a lightweight JavaScript-based user-agent string parser.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Within src/ua-parser.js, the browser regex is vulnerable to exponential backtracking.
The text was updated successfully, but these errors were encountered: