Description
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
Remediation
References
https://nodesecurity.io/advisories/312
Related Vulnerabilities
CVE-2021-29300 Vulnerability in npm package opened
CVE-2021-23363 Vulnerability in npm package kill-by-port
CVE-2021-21119 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-2231 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-28470 Vulnerability in npm package @scullyio/scully