CVE-2022-25927 PoC — ua-parser-js 安全漏洞

Source

https://github.com/masahiro331/cve-2022-25927

Associated Vulnerability

Title:ua-parser-js 安全漏洞 (CVE-2022-25927)
Description:ua-parser-js是基于JavaScript的User-Agent字符串解析器。可以在浏览器（客户端）或node.js（服务器端）环境中使用。也可以作为jQuery / Zepto插件，Bower / Meteor软件包和RequireJS / AMD模块使用。 ua-parser-js 1.0.33之前版本存在安全漏洞，该漏洞源于通过trim()函数存在正则表达式拒绝服务(ReDoS)。

File Snapshot


 [4.0K]  /data/pocs/ede0ae2cf7528c77dbbb857121c2084b14ef77fb
├── [ 423]  main.js
├── [4.0K]  node_modules
│   └── [4.0K]  ua-parser-js
│       ├── [  41]  changelog.md
│       ├── [4.0K]  dist
│       │   ├── [  43]  ua-parser.html
│       │   ├── [ 20K]  ua-parser.min.js
│       │   └── [ 15K]  ua-parser.pack.js
│       ├── [1.1K]  license.md
│       ├── [7.4K]  package.json
│       ├── [ 14K]  readme.md
│       └── [4.0K]  src
│           └── [ 44K]  ua-parser.js
├── [  58]  package.json
└── [ 738]  package-lock.json

4 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-25927 PoC — ua-parser-js 安全漏洞

Source

Associated Vulnerability

File Snapshot

Remarks