Description
Useragent parses User-Agent headers, using several regular expressions to do so. An attacker can edit their own request headers to send an arbitrarily long User-Agent string, which makes the regular-expression matching block the event loop and, with it, the server. This affects Useragent 2.1.12 and earlier.
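One way to keep oversized headers away from a regex-based parser is to bound the header length before parsing. The sketch below is an added example, not code from the advisory or from the Useragent project; guardUserAgent, standInParse and the 512-character limit are assumptions made for illustration, and the parser is passed in so the block runs without the package installed.

```javascript
// Assumed limit: pick a value from your own traffic, not a value taken
// from the advisory.
const MAX_UA_LENGTH = 512;

// Hypothetical stand-in for the application's real parser, used only so the
// example runs offline. In a real service this would be the parser in use.
function standInParse(ua) {
  return { source: ua, family: ua.split('/')[0] };
}

// Checks the User-Agent header and calls `parse` only on bounded input.
// Returns { ok, status, agent }; the caller sends `status` when ok is false.
function guardUserAgent(headers, parse, maxLength = MAX_UA_LENGTH) {
  let raw = headers['user-agent'];

  // Node's http module delivers this header as one string, but some
  // frameworks pass an array; only the first value is considered.
  if (Array.isArray(raw)) raw = raw[0];

  // Missing or empty header: nothing to parse, nothing to reject.
  if (typeof raw !== 'string' || raw.length === 0) {
    return { ok: true, status: 200, agent: null };
  }

  // Reject rather than truncate: a truncated string still reaches the
  // regular expressions, and a legitimate client never sends one this long.
  // The length check is O(1), so it costs nothing on the event loop.
  if (raw.length > maxLength) {
    return { ok: false, status: 431, agent: null };
  }

  return { ok: true, status: 200, agent: parse(raw) };
}

// Constructed sample inputs: one ordinary header, one oversized header.
function demo() {
  const ordinary = { 'user-agent': 'Mozilla/5.0 (constructed sample)' };
  const oversized = { 'user-agent': 'A'.repeat(100000) };
  return [
    guardUserAgent(ordinary, standInParse),
    guardUserAgent(oversized, standInParse),
  ];
}
```

The guard limits exposure on the request path only; it does not change the regular expressions in affected versions.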
Remediation
References
https://nodesecurity.io/advisories/312