CVE-2021-4229
Published: 24 May 2022
Summary
CVE-2021-4229 is a medium-severity Hidden Functionality (CWE-912) vulnerability in ua-parser-js (vendor: Ua-Parser-Js Project). Its CVSS base score is 5.0 (Medium).
Operationally, it ranks in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-34087
Vulnerability details
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.
- CWE(s)
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: backdoor
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Documenting every system component at the required granularity and reviewing the inventory detects or prevents hidden functionality from remaining undetected.
Strategy mandates assessment of third-party components and suppliers, directly reducing inclusion of functionality from untrusted control spheres.
Requires use of trusted sources and provenance tracking, tangibly limiting inclusion of functionality from untrusted control spheres.
Addresses hidden functionality by mandating evidence that the system or component contains no undocumented or unauthorized capabilities that could be exploited.
Reimplementing critical components avoids pulling in functionality from untrusted external control spheres.
Inspection can reveal hidden functionality that an attacker has introduced via tampering or unauthorized modification.
Anti-counterfeit procedures directly block inclusion of components originating from untrusted supply-chain actors.
Documenting component provenance ensures functionality is only included from verified, trusted control spheres rather than untrusted ones.