Description
The useragent package parses User-Agent headers, using several regular expressions to do so. An attacker can edit their own request headers to send an arbitrarily long User-Agent string, which causes these regular expressions to block the event loop and, with it, the server. This affects useragent 2.1.12 and earlier.
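A defensive check for the condition described above, as an added example that is not part of the advisory or of the useragent project: the header length is bounded before any regex-based parser is called. `guardedParse`, `sampleRegexParser` and the 512-character cap are assumptions made for illustration, and the sample parser's pattern is constructed, not one of useragent's.

```javascript
'use strict';

// Assumed cap for this example; pick a value from your own traffic.
const MAX_UA_LENGTH = 512;

// Constructed stand-in for a regex-based parser. These are NOT the
// patterns shipped in useragent; any regex parser can sit behind the guard.
function sampleRegexParser(ua) {
  const m = /(Firefox|Chrome|Safari)\/(\d+)/.exec(ua);
  return m ? { family: m[1], major: m[2] } : { family: 'Other', major: null };
}

// Bound the attacker-controlled header before any regex sees it.
// Oversized or missing values are classified without calling the parser,
// so regex cost is limited by maxLength rather than by the request.
function guardedParse(headers, parser, maxLength = MAX_UA_LENGTH) {
  const fallback = { family: 'Other', major: null };
  const raw = headers['user-agent'];
  if (typeof raw !== 'string' || raw.length === 0) {
    return { parsed: false, reason: 'missing', agent: fallback };
  }
  if (raw.length > maxLength) {
    // Record the length so the rejection can be logged and alerted on.
    return { parsed: false, reason: 'too_long', length: raw.length, agent: fallback };
  }
  return { parsed: true, reason: null, agent: parser(raw) };
}

// Constructed sample requests (header names lower-cased, as Node's http
// module presents them).
const normal = {
  'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0',
};
const oversized = { 'user-agent': 'Mozilla/5.0 ' + 'A'.repeat(100000) };

console.log(guardedParse(normal, sampleRegexParser));
console.log(guardedParse(oversized, sampleRegexParser).reason);
```

The `too_long` result carries the observed length, which makes rejected requests easy to count in logs when tuning the cap.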
Remediation
References
https://nodesecurity.io/advisories/312
Related Vulnerabilities
CVE-2021-23406 Vulnerability in npm package pac-resolver
CVE-2019-18798 Vulnerability in npm package node-sass
CVE-2022-36127 Vulnerability in npm package skywalking-backend-js
CVE-2023-46234 Vulnerability in npm package browserify-sign
CVE-2021-21294 Vulnerability in maven package org.http4s:http4s-blaze-server_2.13