Description
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
Remediation
References
https://nodesecurity.io/advisories/312
Related Vulnerabilities
CVE-2020-28502 Vulnerability in npm package xmlhttprequest
CVE-2022-24718 Vulnerability in npm package @finastra/ssr-pages
CVE-2022-24740 Vulnerability in npm package @plone/volto
CVE-2020-26226 Vulnerability in npm package semantic-release
CVE-2021-27850 Vulnerability in maven package org.apache.tapestry:tapestry-core