Source: uap-core
Version: 20190213-2
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for uap-core.

CVE-2020-5243[0]:
| uap-core before 0.7.3 is vulnerable to a denial of service attack when
| processing crafted User-Agent strings. Some regexes are vulnerable to
| regular expression denial of service (REDoS) due to overlapping
| capture groups. This allows remote attackers to overload a server by
| setting the User-Agent header in an HTTP(S) request to maliciously
| crafted long strings. This has been patched in uap-core 0.7.3.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-5243
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5243
[1] https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p

Regards,
Salvatore
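
The following Python sketch is an added example, not part of the bug report and not code from uap-core. It shows why adjacent groups that can match the same characters backtrack badly on long non-matching input, and how a length cap in front of the parser bounds the cost on hosts that cannot yet move to 0.7.3. Both patterns, the input and the `MAX_UA_LEN` value are constructed assumptions; neither pattern is taken from uap-core's regex file.

```python
import re
import time

MAX_UA_LEN = 512  # assumed cap, not a value from the advisory

# Constructed patterns, not taken from uap-core.
# Adjacent groups that can match the same characters make the engine retry
# every split point between them whenever the rest of the pattern fails.
OVERLAPPING = re.compile(r"^(\w+)(\w+)/(\d+)$")
# Accepts the same strings, but the split between the groups is fixed,
# so a failed match costs one pass (the captured substrings differ).
DISJOINT = re.compile(r"^(\w)(\w+)/(\d+)$")


def guarded_match(pattern, user_agent, max_len=MAX_UA_LEN):
    """Refuse to run the regex on oversized headers; treat them as unknown."""
    if user_agent is None or len(user_agent) > max_len:
        return None
    return pattern.match(user_agent)


def match_seconds(pattern, text, repeats=3):
    """Best-of-N wall time for a single match attempt."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pattern.match(text)
        best = min(best, time.perf_counter() - start)
    return best


def slowdown(pattern, baseline, n=3000):
    """How many times slower `pattern` is than `baseline` on n word
    characters with no '/', the non-matching case where backtracking shows."""
    text = "a" * n  # constructed input
    return match_seconds(pattern, text) / max(match_seconds(baseline, text), 1e-9)


if __name__ == "__main__":
    print("slowdown at n=3000:", round(slowdown(OVERLAPPING, DISJOINT)))
    print("guarded, 100k chars:", guarded_match(OVERLAPPING, "a" * 100_000))
    print("guarded, normal UA:", guarded_match(OVERLAPPING, "curl/7").groups())
```

The same `slowdown` probe can be pointed at any pattern in a regex file as a regression check after upgrading.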