CVE-2020-7733
PUBLISHED
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
EPSS 1.20% · 79.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | node-ua-parser-js | 0.7.24+ds-2, 0.7.31+ds+~0.7.36-1, 0 |
| Ubuntu:20.04:LTS | node-ua-parser-js | 0.7.14-1, 0 |
| Ubuntu:24.04:LTS | node-ua-parser-js | 0, 0.8.1+ds+~0.7.36-3 |
| Ubuntu:18.04:LTS | node-ua-parser-js | 0, 0.7.14-1 |
| Ubuntu:25.10 | node-ua-parser-js | 0, 0.8.1+ds+~0.7.36-3 |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666 (nist-nvd)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665 (nist-nvd)
- https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 (nist-nvd)
- https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d (circl)
- https://www.oracle.com//security-alerts/cpujul2021.html (circl)
Timeline
- Sep 16, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jul 21, 2021 CVE Updated
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-7733 third-party-advisory
- https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d third-party-advisory
- https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 third-party-advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666 third-party-advisory
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7733 third-party-advisory