CVE-2022-25927

CVSS 5.3 · Medium EPSS 1.49% · P81 Updated Apr 08, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25927

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1333

Source: NVD (National Vulnerability Database)

Vulnerability Title

ua-parser-js 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ua-parser-js是基于JavaScript的User-Agent字符串解析器。可以在浏览器（客户端）或node.js（服务器端）环境中使用。也可以作为jQuery / Zepto插件，Bower / Meteor软件包和RequireJS / AMD模块使用。 ua-parser-js 1.0.33之前版本存在安全漏洞，该漏洞源于通过trim()函数存在正则表达式拒绝服务(ReDoS)。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	ua-parser-js	0.7.30 ~ 0.7.33	-

II. Public POCs for CVE-2022-25927

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/masahiro331/cve-2022-25927	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-25927

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-01-25 · 37 CVEs total

CVE-2022-25894	9.8 CRITICAL	UFLO 代码注入漏洞
CVE-2022-25882	7.5 HIGH	Open Neural Network Exchange 路径遍历漏洞
CVE-2022-21192	7.5 HIGH	serve-lite 路径遍历漏洞
CVE-2022-25962	7.4 HIGH	Vagrant 安全漏洞
CVE-2022-21810	7.4 HIGH	smartctl 安全漏洞
CVE-2022-25847	5.4 MEDIUM	serve-lite 跨站脚本漏洞
CVE-2022-46624		Online Graduate Tracer System 跨站脚本漏洞
CVE-2023-24495		Tenable.sc 代码问题漏洞
CVE-2022-46957		Online Graduate Tracer System 跨站脚本漏洞
CVE-2022-46998		taoCMS 代码问题漏洞
CVE-2022-46999		TuziCMS SQL注入漏洞
CVE-2022-47052		NETGEAR Nighthawk AC1200 注入漏洞
CVE-2022-47073		Small CRM 跨站脚本漏洞
CVE-2022-47767		Solar Log Gateway 安全漏洞
CVE-2023-0229		Red Hat OpenShift 输入验证错误漏洞
CVE-2023-0468		Linux kernel 资源管理错误漏洞
CVE-2023-0469		Linux kernel 资源管理错误漏洞
CVE-2023-0476		Tenable.Sc 注入漏洞
CVE-2023-23151		bloofoxCMS 安全漏洞
CVE-2023-24493		Tenable.sc 输入验证错误漏洞

Showing top 20 of 37 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: ua-parser-js

Same vendor: n/a

Same weakness: CWE-1333

V. Comments for CVE-2022-25927

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-25927

I. Basic Information for CVE-2022-25927

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-25927

III. Intelligence Information for CVE-2022-25927

Same Patch Batch · n/a · 2023-01-25 · 37 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-25927

Leave a comment