Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. Upstream fix: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411 Synk security advisory: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450 GitHub security advisory: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
Created golang-entgo-ent tracking bugs for this issue: Affects: fedora-all [bug 2174269] Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2174270] Created mozjs68 tracking bugs for this issue: Affects: fedora-all [bug 2174271] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2174272] Created seamonkey tracking bugs for this issue: Affects: epel-all [bug 2174268] Affects: fedora-all [bug 2174274] Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2174275]
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:1428 https://access.redhat.com/errata/RHSA-2023:1428
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25927