ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ua-parser-js | Ua-parser-js_project | 0.7.14 (including) | 0.7.24 (excluding) |
| OpenShift Logging 5.1 | RedHat | openshift-logging/kibana6-rhel8:v6.8.1-108 | * |
| OpenShift Logging 5.2 | RedHat | openshift-logging/kibana6-rhel8:v6.8.1-110 | * |
| OpenShift Logging 5.3 | RedHat | openshift-logging/kibana6-rhel8:v6.8.1-109 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | RedHat | rhacm2/acm-grafana-rhel8:v2.3.0-38 | * |
| Red Hat OpenShift Container Platform 4.8 | RedHat | openshift4/ose-console:v4.8.0-202107010336.p0.git.188a490.assembly.stream | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-agent-rhel8:1.24.0-9 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-all-in-one-rhel8:1.24.0-8 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-collector-rhel8:1.24.0-8 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-es-index-cleaner-rhel8:1.24.0-10 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-es-rollover-rhel8:1.24.0-14 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-ingester-rhel8:1.24.0-8 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-query-rhel8:1.24.0-9 | * |
| Red Hat OpenShift Jaeger 1.24 | RedHat | distributed-tracing/jaeger-rhel8-operator:1.24.0-16 | * |
| Node-ua-parser-js | Ubuntu | bionic | * |
| Node-ua-parser-js | Ubuntu | esm-apps/bionic | * |
| Node-ua-parser-js | Ubuntu | esm-apps/focal | * |
| Node-ua-parser-js | Ubuntu | esm-apps/jammy | * |
| Node-ua-parser-js | Ubuntu | focal | * |
| Node-ua-parser-js | Ubuntu | groovy | * |
| Node-ua-parser-js | Ubuntu | hirsute | * |
| Node-ua-parser-js | Ubuntu | impish | * |
| Node-ua-parser-js | Ubuntu | jammy | * |
| Node-ua-parser-js | Ubuntu | kinetic | * |
| Node-ua-parser-js | Ubuntu | trusty | * |
| Node-ua-parser-js | Ubuntu | upstream | * |