Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ua-parser-js(npm) | 0.7.30 | 0.7.33 | N/A |
| ua-parser-js(npm) | 0.8.0 | 1.0.33 | N/A |
CVSS Metrics
