This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Vulnerability in ua-parser-js #340

Open

justineshaw opened this issue Jan 12, 2021 · 0 comments

Labels

From: Consumer Impact: Medium Severity: Medium Type: Bug

justineshaw commented Jan 12, 2021

There's a vulnerability in ua-parser-js, which karma is dependent on.

The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).

See whitesource for more info (link).

Blackbaud-DanMiller added From: Consumer Impact: Medium Severity: Medium Type: Bug labels

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.