Description
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
Remediation
References
https://nodesecurity.io/advisories/312
Related Vulnerabilities
CVE-2020-35211 Vulnerability in maven package io.atomix:atomix
CVE-2020-13959 Vulnerability in maven package org.apache.velocity.tools:velocity-tools-view
CVE-2013-1814 Vulnerability in maven package org.apache.rave:rave-web
CVE-2021-21298 Vulnerability in npm package @node-red/runtime
CVE-2020-11990 Vulnerability in npm package cordova-plugin-camera