CVE-2020-7793 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-7793 PUBLISHED

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

EPSS 2.64% · 85.6th percentile

Risk Scores

EPSS Score

2.64%

85.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	node-ua-parser-js	0, 0.7.14-1
Ubuntu:18.04:LTS	node-ua-parser-js	0, 0.7.14-1

Timeline

Dec 11, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 7, 2022 PoC Published
Mar 7, 2023 EPSS Score
Oct 21, 2023 PoC Published
Nov 17, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 9, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2020-7793 third-party-advisory
https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 third-party-advisory
https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-1050388 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050387 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-7793 third-party-advisory

Open in Interactive Console →