Description
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
Remediation
References
https://nodesecurity.io/advisories/316
Related Vulnerabilities
CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files
CVE-2019-14862 Vulnerability in maven package org.jszip.redist:knockout
CVE-2022-1365 Vulnerability in npm package cross-fetch
CVE-2018-7651 Vulnerability in maven package org.webjars.npm:ssri
CVE-2018-1230 Vulnerability in maven package org.springframework.batch:spring-batch-admin