Original release date: October 22, 2021
Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.
CISA urges users and administers using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1
For more information, see Embedded malware in ua-parser-js.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed…
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and…
CISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
Update (07/24/2025): CISA continues to update reporting on this ongoing activity, as threat actor tactics,…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
This website uses cookies.