CVE-2020-26311 HIGH

CVE-2020-26311: GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent

Vendor 3Rd-Eden
Product useragent
Weakness CWE-1333
Published October 26, 2024
Last update October 28, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/U:Green

What the vulnerability does

01Description

Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available.

Key dates

02Disclosure timeline

October 26, 2024 CVE published
October 28, 2024 Record updated