Description
Useragent parses User-Agent headers, using several regular expressions to do so. An attacker can set their own request headers to an arbitrarily long User-Agent string; evaluating the regular expressions against it blocks the event loop, and with it the server. This affects Useragent 2.1.12 and earlier.
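One way to keep oversized headers away from a regex-based parser is to cap the header length before parsing. The block below is an added example, not code from the advisory or from the useragent project; `MAX_UA_LENGTH`, `SLOW_PATTERN`, `toyParse` and the other names are hypothetical, and the pattern is a constructed stand-in rather than one of the library's expressions.

```javascript
// Added example, not code from the useragent project.
// Assumptions: MAX_UA_LENGTH, SLOW_PATTERN and all function names are hypothetical.

const MAX_UA_LENGTH = 512; // assumed cap; ordinary browser User-Agent values are far shorter

// Constructed stand-in for a backtracking-prone expression (NOT taken from useragent):
// on a long run of spaces followed by a non-space, matching time grows quadratically.
const SLOW_PATTERN = /\s+$/;

// Stand-in parser so the example runs offline; a real service would call its UA parser here.
function toyParse(ua) {
  return { trailingSpace: SLOW_PATTERN.test(ua), length: ua.length };
}

// Return the header only if it is a string within the cap, otherwise null.
function boundedUserAgent(header, max = MAX_UA_LENGTH) {
  if (typeof header !== 'string' || header.length > max) return null;
  return header;
}

// Run `parse` only on bounded input; oversized or missing headers never reach the regexes.
function parseUserAgentSafely(header, parse = toyParse) {
  const ua = boundedUserAgent(header);
  return ua === null ? null : parse(ua);
}

// Wall-clock milliseconds spent in fn(input); the event loop is blocked for this long.
function blockedMs(fn, input) {
  const start = performance.now();
  fn(input);
  return performance.now() - start;
}

// Constructed inputs: one ordinary header, one oversized header.
const normalUa = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
const oversizedUa = ' '.repeat(20000) + 'x';

console.log('unguarded, normal   :', blockedMs(toyParse, normalUa).toFixed(2), 'ms');
console.log('unguarded, oversized:', blockedMs(toyParse, oversizedUa).toFixed(2), 'ms');
console.log('guarded,   oversized:', blockedMs(parseUserAgentSafely, oversizedUa).toFixed(2), 'ms');
```

A request whose header is rejected by the guard can be answered with an "unknown client" default or a 4xx response, depending on how the service uses the parsed value.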
Remediation
References
https://nodesecurity.io/advisories/312