Description
Useragent parses User-Agent headers, using several regular expressions to do so. An attacker can set their own request headers to send an arbitrarily long User-Agent string, which makes the regular expressions block the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
Remediation
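As a general mitigation for this class of issue, the length of the User-Agent header can be bounded before any regex-based parser sees it. The sketch below is an added example, not the advisory's own remediation and not code from the Useragent project; `MAX_UA_LENGTH`, `guardUserAgent`, `parseWithGuard`, `userAgentLimit` and the stand-in parser are hypothetical names chosen for illustration.

```javascript
// Added example: bound the User-Agent header before a regex-based parser runs.
// MAX_UA_LENGTH is an assumed limit; tune it to your own traffic.
const MAX_UA_LENGTH = 512;

// Returns { ok, value, reason }. Runs no regular expression on the input.
function guardUserAgent(headers, maxLen = MAX_UA_LENGTH) {
  let ua = headers['user-agent'];
  if (Array.isArray(ua)) ua = ua[0]; // defensive: some frameworks expose arrays
  if (typeof ua !== 'string' || ua.length === 0) {
    return { ok: true, value: '', reason: 'missing' };
  }
  if (ua.length > maxLen) {
    return { ok: false, value: '', reason: 'too-long' };
  }
  return { ok: true, value: ua, reason: 'accepted' };
}

// Wraps any parser function so it is only ever called on bounded input.
function parseWithGuard(parse, headers, maxLen = MAX_UA_LENGTH) {
  const checked = guardUserAgent(headers, maxLen);
  if (!checked.ok) return { family: 'Other', rejected: true };
  return { ...parse(checked.value), rejected: false };
}

// Connect/Express-style middleware: refuse oversized headers with HTTP 400.
function userAgentLimit(maxLen = MAX_UA_LENGTH) {
  return function (req, res, next) {
    if (!guardUserAgent(req.headers, maxLen).ok) {
      res.statusCode = 400;
      return res.end('User-Agent header too long');
    }
    next();
  };
}

// Hypothetical stand-in parser (NOT the Useragent package's code); counts calls.
let parserCalls = 0;
function standInParse(ua) {
  parserCalls += 1;
  const m = /(Firefox|Chrome)\/(\d+)/.exec(ua);
  return { family: m ? m[1] : 'Other' };
}

// Constructed sample inputs: one ordinary header, one oversized header.
const normal = { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0' };
const oversized = { 'user-agent': 'A'.repeat(100000) };
console.log(parseWithGuard(standInParse, normal));
console.log(parseWithGuard(standInParse, oversized));
```

The guard only compares lengths, so its cost does not depend on the content of the header, and the wrapped parser is never invoked on input above the limit.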
References
https://nodesecurity.io/advisories/312