Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package uap-core, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2020-5243 — CVSS 5.7 (medium): uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable…
CVE-2018-20164 — CVSS 5.3 (medium): An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS)…
CVE-2021-21317 — CVSS 5.3 (medium): uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before…