Malware Discovered in Popular NPM Package, ua-parser-js

Original release date: October 22, 2021

Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system. 

CISA urges users and administers using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1   

For more information, see Embedded malware in ua-parser-js.
 

This product is provided subject to this Notification and this Privacy & Use policy.