Description

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.

Remediation

References

https://nodesecurity.io/advisories/312

Related Vulnerabilities

CVE-2021-21174 Vulnerability in npm package electron

CVE-2020-24660 Vulnerability in npm package node-lemonldap-ng-handler

CVE-2022-31129 Vulnerability in maven package org.webjars.bower:momentjs

CVE-2022-38639 Vulnerability in npm package markdown-nice

CVE-2022-2390 Vulnerability in maven package com.google.android.gms:play-services-basement

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory NVD-CWE-noinfo