Description
Useragent parses User-Agent headers using several regular expressions. An attacker who controls their own request headers can send an arbitrarily long User-Agent string, and matching it blocks the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
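One way to keep an oversized header away from a regex-based parser is to bound its length at the request boundary. This is an added example, not code from the advisory or from the Useragent project; `MAX_UA_LENGTH`, `slowRegexParser`, `boundedUserAgent` and `parseUserAgentSafely` are hypothetical names, the 256-character limit is an assumed value, and the slow pattern is a constructed stand-in rather than one of Useragent's own expressions.

```javascript
// Added example: bound the User-Agent header before any regex-based parser sees it.
// MAX_UA_LENGTH is an assumed limit, not a value taken from the advisory.
const MAX_UA_LENGTH = 256;

// Constructed stand-in for a regex-driven parser (NOT Useragent's own patterns).
// /\s+$/ retries the trailing-whitespace match from every start position, so a
// long run of spaces followed by a non-space character costs quadratic time.
let parserCalls = 0;
function slowRegexParser(ua) {
  parserCalls += 1;
  const trimmed = ua.replace(/\s+$/, '');
  const m = /^([A-Za-z]+)\/(\d+)(?:\.\d+)*/.exec(trimmed);
  return m ? { family: m[1], major: m[2] } : { family: 'Other', major: '0' };
}

// Return the header as a string that is safe to parse, or null if it must be skipped.
function boundedUserAgent(headers, maxLength = MAX_UA_LENGTH) {
  const raw = headers['user-agent'];
  if (typeof raw !== 'string') return null;   // missing or malformed header
  if (raw.length > maxLength) return null;    // reject rather than truncate
  return raw;
}

// Hardened entry point: the parser runs only on inputs within the length bound.
function parseUserAgentSafely(headers, parser = slowRegexParser) {
  const ua = boundedUserAgent(headers);
  if (ua === null) {
    return { family: 'Other', major: '0', skipped: true };
  }
  return { ...parser(ua), skipped: false };
}

// Constructed sample requests (lower-cased header names, as Node's http module delivers them).
const normal = { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64)' };
const oversized = { 'user-agent': 'Mozilla/5.0' + ' '.repeat(100000) + 'x' };

console.log(parseUserAgentSafely(normal));
console.log(parseUserAgentSafely(oversized));
```

The length check runs in constant time, so the cost of handling a request no longer depends on how much data the client places in the header.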
Remediation
References
https://nodesecurity.io/advisories/312
Related Vulnerabilities
CVE-2017-18077 Vulnerability in maven package org.webjars.npm:brace-expansion
CVE-2020-11079 Vulnerability in npm package dns-sync
CVE-2020-10969 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-10727 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2022-25869 Vulnerability in maven package org.webjars.npm:angular