Description
Useragent parses User-Agent headers using several regular expressions. An attacker can edit their own request headers to send an arbitrarily long User-Agent string, which blocks the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
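One way to keep oversized headers away from a regex-based parser, shown as an added example that is not part of the advisory or of the useragent package. The 512-character cap, the function names and the `parse(uaString)` callback are assumptions.

```javascript
// Added example, not code from the useragent package.
// Assumption: 512 characters covers legitimate User-Agent strings in your
// traffic; choose the cap from your own request logs.
const MAX_UA_LENGTH = 512;

// Inspect the header without running any parser over it.
// Returns { ok, value, reason } so callers can log rejections.
function boundedUserAgent(headers, maxLength = MAX_UA_LENGTH) {
  let raw = headers['user-agent'];
  if (Array.isArray(raw)) raw = raw[0]; // defensive: header supplied as a list
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: true, value: '', reason: 'missing' };
  }
  if (raw.length > maxLength) {
    // Reject on length alone: a constant-time check, no regex involved.
    return { ok: false, value: '', reason: 'too-long' };
  }
  return { ok: true, value: raw, reason: 'accepted' };
}

// Wrap any parser (hypothetical `parse(uaString)`) so it only ever sees
// bounded input. Oversized headers yield null instead of reaching the regexes.
function withBoundedUserAgent(parse, maxLength = MAX_UA_LENGTH) {
  return function parseBounded(headers) {
    const checked = boundedUserAgent(headers, maxLength);
    return checked.ok ? parse(checked.value) : null;
  };
}

// Request handler for Node's http module: answer 400 before any parsing.
function makeHandler(parse, maxLength = MAX_UA_LENGTH) {
  const parseBounded = withBoundedUserAgent(parse, maxLength);
  return function handler(req, res) {
    const agent = parseBounded(req.headers);
    if (agent === null) {
      res.statusCode = 400;
      return res.end('User-Agent header too long');
    }
    res.end('ok');
  };
}
```

The guard bounds the work any parser can be asked to do per request; it does not change the regular expressions themselves.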
Remediation
References
https://nodesecurity.io/advisories/312