Description
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-2392 Vulnerability (CVE-2013-2392)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-7137)
Apache HTTP Server Incorrect Authorization Vulnerability (CVE-2014-8109)
WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)
WordPress Plugin Buddy Share It Allusers FB YR Arbitrary File Upload (3.2.8)