Skip to content

ua-parser/uap-php ReDoS vulnerability

Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

Package

composer ua-parser/uap-php (Composer)

Affected versions

< 3.8.0

Patched versions

3.8.0

Description

A regex expression in ua-parser/uap-php could lead to a ReDoS vulnerability in versions prior to 3.8.0.

References

Published to the GitHub Advisory Database Jun 7, 2024
Reviewed Jun 7, 2024
Last updated Jun 7, 2024

Severity

Moderate

EPSS score

Weaknesses

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-78hm-5hjw-58mh

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.