duskload / react-device-detect

Detect device, and render view according to detected device type.
MIT License
2.82k stars 155 forks

Current Version 2.2.2 has security vulnerability on old version of ua-parser-js #203

Closed jeffxor closed 1 year ago

jeffxor commented 1 year ago
  1. Bug description

     ua-parser-js >=0.8.0 <1.0.33 || <0.7.33
     Severity: high
     ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3
     ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3

  2. Steps to reproduce

     npm audit

It appears there is an existing pull request that will resolve these issues

duskload commented 1 year ago

Released new version 2.2.3 with a fix
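
Added example, not part of the issue thread or the project's code: a check that walks a parsed `package-lock.json` and reports every installed copy of ua-parser-js inside the affected range `npm audit` printed in the issue. The function names and the sample lockfile are constructed for illustration, and prerelease suffixes are ignored as a simplification.

```javascript
// Affected range as printed by npm audit in the issue:
//   ua-parser-js >=0.8.0 <1.0.33 || <0.7.33

// "x.y.z" -> [x, y, z]. Simplification: prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a sorts strictly before version b.
function lessThan(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

function isAffected(version) {
  return lessThan(version, "0.7.33") ||
    (!lessThan(version, "0.8.0") && lessThan(version, "1.0.33"));
}

// Return every installed copy of ua-parser-js that falls in the affected range.
function findAffected(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && isAffected(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/ua-parser-js")) check(path, meta);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        if (name === "ua-parser-js") check(path, meta);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not taken from the issue).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/ua-parser-js": { version: "0.7.33" },
  "node_modules/react-device-detect/node_modules/ua-parser-js": { version: "1.0.2" } } };
console.log(findAffected(SAMPLE_LOCK));
```

A nested copy under another package's `node_modules` is reported with its full install path, which shows which dependency still pins the old version.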