Advisories for Maven/Com.github.ua-Parser/Uap-Java package

2019

ReDoS

The programming library UA-Parser uses regular expressions to identify user agent strings. The complexity of some of the regular expressions is such that an attacker can craft special patterns that keep the server busy for a long time. By sending many requests in short order, an attacker can exhaust the amount of processing power available.