Description
Useragent parses User-Agent headers using several regular expressions. An attacker could send an arbitrarily long User-Agent string in their own request headers, causing the regular-expression matching to block the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
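An added example (not part of the advisory or of the Useragent project): one way to keep an oversized header away from a regex-based parser is to bound the User-Agent length before parsing. The 512-character limit, the 400 response and the `parse` callback are assumptions made for illustration.

```javascript
// Assumed limit: real browser User-Agent strings are far shorter than this.
const MAX_UA_LENGTH = 512;

// Validate the User-Agent header before any regex-based parser sees it.
function checkUserAgent(headers, maxLength = MAX_UA_LENGTH) {
  const raw = headers['user-agent'];
  if (raw === undefined) return { ok: true, value: '', reason: 'absent' };
  if (typeof raw !== 'string') return { ok: false, value: '', reason: 'not-a-string' };
  if (raw.length > maxLength) return { ok: false, value: '', reason: 'too-long' };
  return { ok: true, value: raw, reason: 'accepted' };
}

// Connect/Express-style middleware factory. `parse` is a hypothetical callback
// standing in for whatever UA parser the application uses; it is only ever
// called on input that passed the length check.
function userAgentGuard(parse, maxLength = MAX_UA_LENGTH) {
  return function (req, res, next) {
    const result = checkUserAgent(req.headers, maxLength);
    if (!result.ok) {
      res.statusCode = 400; // reject in O(1) instead of running the regexes
      res.end('Bad User-Agent header');
      return;
    }
    req.agent = parse(result.value);
    next();
  };
}

// Constructed demo: a stub parser and fake req/res objects, no network needed.
function demo() {
  const calls = [];
  const stubParse = (ua) => { calls.push(ua.length); return { source: ua }; };
  const guard = userAgentGuard(stubParse);
  const run = (ua) => {
    const req = { headers: ua === undefined ? {} : { 'user-agent': ua } };
    const res = { statusCode: 200, end() {} };
    let passed = false;
    guard(req, res, () => { passed = true; });
    return { passed, status: res.statusCode };
  };
  return {
    normal: run('Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0'),
    oversized: run('A'.repeat(100000)), // constructed over-long header
    missing: run(undefined),
    parserCalls: calls,
  };
}
```

The length check runs in constant time, so the oversized request is rejected without the parser's regular expressions ever touching it.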
Remediation
References
https://nodesecurity.io/advisories/312