CVE-2021-4229

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
VulDBCNA
5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
ua-parser-js_projectua-parser-js
0.7.29
ua-parser-js_projectua-parser-js
0.8.0
ua-parser-js_projectua-parser-js
1.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-ua-parser-js
bullseye
0.7.24+ds-1
fixed
bookworm
0.8.1+ds+~0.7.36-3
fixed
sid
0.8.1+ds+~0.7.36-3
fixed
trixie
0.8.1+ds+~0.7.36-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-ua-parser-js
jammy
not-affected
impish
not-affected
focal
not-affected
bionic
not-affected
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
https://github.com/faisalman/ua-parser-js/issues/536
https://vuldb.com/?id.185453
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
https://github.com/faisalman/ua-parser-js/issues/536
https://vuldb.com/?id.185453