Description
Useragent parses User-Agent headers, using several regular expressions to do so. An attacker who controls their own request headers can send an arbitrarily long User-Agent string; evaluating it against those expressions blocks the event loop, and with it the server (a regular expression denial of service). This affects Useragent 2.1.12 and earlier.
Remediation
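As a compensating control for the long-header case described above, the following added example (not taken from the advisory or from the Useragent project) rejects over-long User-Agent values before any regular expression runs. The 512-character cap, the function names, and the stand-in parser are assumptions made for illustration.

```javascript
'use strict';

// Assumed cap: ordinary browser User-Agent strings are far shorter than this.
const MAX_UA_LENGTH = 512;

// Wrap a User-Agent parser so that missing or over-long values are rejected
// by a constant-time length check and never reach its regular expressions.
function guardUserAgentParser(parse, maxLength = MAX_UA_LENGTH) {
  return function guardedParse(headerValue) {
    if (typeof headerValue !== 'string' || headerValue.length === 0) {
      return { ok: false, reason: 'missing', agent: null };
    }
    if (headerValue.length > maxLength) {
      // Keep the length for logging; repeated hits from one client are a signal.
      return { ok: false, reason: 'too_long', length: headerValue.length, agent: null };
    }
    return { ok: true, reason: null, agent: parse(headerValue) };
  };
}

// Hypothetical stand-in for the real parser. It counts calls so the demo can
// show that oversized input is never handed to it.
function makeCountingParser() {
  const state = { calls: 0 };
  const parse = (ua) => {
    state.calls += 1;
    const m = /(Firefox|Chrome)\/(\d+)/.exec(ua);
    return m ? { family: m[1], major: m[2] } : { family: 'Other', major: null };
  };
  return { parse, state };
}

// Constructed sample inputs: an ordinary header, a 100,012-character header,
// and a request with no User-Agent at all.
function demo() {
  const { parse, state } = makeCountingParser();
  const guarded = guardUserAgentParser(parse);
  const normal = guarded('Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0');
  const oversized = guarded('Mozilla/5.0 ' + 'A'.repeat(100000));
  const absent = guarded(undefined);
  return { normal, oversized, absent, parserCalls: state.calls };
}

console.log(JSON.stringify(demo()));
```

In a request handler, pass `req.headers['user-agent']` to the guarded function and treat a `too_long` result as an unknown client rather than parsing it.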
References
https://nodesecurity.io/advisories/312