CVE-2021-4229

Publication date 24 May 2022

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
node-ua-parser-js	22.04 LTS jammy	Not affected
	21.10 impish	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected

Notes

seth-arnold

As far as I can tell the malicious versions weren’t introduced into Ubuntu

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H