Description

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.

Remediation

References

https://nodesecurity.io/advisories/312

Related Vulnerabilities

CVE-2019-10765 Vulnerability in npm package iobroker.admin

CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-common

CVE-2020-28052 Vulnerability in maven package bouncycastle:bcprov-jdk14

CVE-2018-3726 Vulnerability in npm package crud-file-server

CVE-2023-34981 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Exploit Third Party Advisory NVD-CWE-noinfo