Description
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.
Remediation
References
https://github.com/JefferyHus/es6-crawler-detect/pull/27
https://snyk.io/vuln/SNYK-JS-ES6CRAWLERDETECT-1051529
Related Vulnerabilities
CVE-2021-37136 Vulnerability in maven package io.netty:netty-codec
CVE-2023-45278 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee9:jetty-ee9-servlets
CVE-2016-10550 Vulnerability in npm package sequelize
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web