CVE-2020-7733
Regular Expression Denial of Service (ReDoS)
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
El paquete ua-parser-js versiones anteriores a 0.7.22, es vulnerable a una Denegación de Servicio de Expresión Regular (ReDoS) por medio de la regex para Redmi Phones y Mi Pad Tablets UA
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
*Credits:
Yeting Li
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2020-09-16 CVE Published
- 2023-06-02 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://www.oracle.com//security-alerts/cpujul2021.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBFAISALMAN-674666 | 2024-09-17 | |
| https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-674665 | 2024-09-17 | |
| https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 | 2024-09-17 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d | 2022-10-07 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-7733 | 2021-11-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879733 | 2021-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ua-parser-js Project Search vendor "Ua-parser-js Project" | Ua-parser-js Search vendor "Ua-parser-js Project" for product "Ua-parser-js" | < 0.7.22 Search vendor "Ua-parser-js Project" for product "Ua-parser-js" and version " < 0.7.22" | node.js |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" | 1.7.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.7.0" | - |
Affected
| ||||||