Description
Useragent parses User-Agent headers using several regular expressions. An attacker can set their own User-Agent header to an arbitrarily long string, and matching that string against the regular expressions blocks the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
Remediation
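One defensive pattern for the failure mode described above is to bound the header before any regex-based parser sees it. This is an added example, not part of the advisory or the package's own code; `MAX_UA_LENGTH`, `boundedUserAgent` and `guardedParse` are hypothetical names and the 512-character limit is an assumed value.

```javascript
// Added example: keep oversized User-Agent values away from regex-based parsers.
// MAX_UA_LENGTH is an assumed limit; tune it to the longest value you expect to see.
const MAX_UA_LENGTH = 512;

// Returns the header value if it is a non-empty string within the limit, else null.
function boundedUserAgent(headers, maxLength = MAX_UA_LENGTH) {
  let ua = headers ? headers['user-agent'] : undefined;
  // Some frameworks expose repeated headers as arrays; only consider the first value.
  if (Array.isArray(ua)) ua = ua[0];
  if (typeof ua !== 'string' || ua.length === 0) return null;
  if (ua.length > maxLength) return null;
  return ua;
}

// Wraps any parse(uaString) function, e.g. guardedParse(useragent.parse, req.headers).
// Rejected input is reported by length only, so the raw value is never logged.
function guardedParse(parse, headers, opts = {}) {
  const ua = boundedUserAgent(headers, opts.maxLength);
  if (ua === null) {
    const raw = headers ? headers['user-agent'] : undefined;
    const seen = Array.isArray(raw) ? raw[0] : raw;
    if (opts.onReject) opts.onReject(typeof seen === 'string' ? seen.length : 0);
    return { family: 'Other', rejected: true };
  }
  return { ...parse(ua), rejected: false };
}

// Constructed demonstration with a stand-in parser that records whether it ran.
function demo() {
  const seenByParser = [];
  const standInParse = (ua) => {
    seenByParser.push(ua.length);
    return { family: ua.split('/')[0] };
  };
  const rejectedLengths = [];
  const opts = { onReject: (len) => rejectedLengths.push(len) };
  const normal = guardedParse(standInParse,
    { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64)' }, opts);
  const oversized = guardedParse(standInParse,
    { 'user-agent': 'A'.repeat(100000) }, opts);
  return { normal, oversized, seenByParser, rejectedLengths };
}
```

The cap bounds the worst-case input size handed to the parser; it does not change the parser's regular expressions.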
References
https://nodesecurity.io/advisories/312