Description
Useragent parses User-Agent headers using several regular expressions. An attacker can set their own request headers to send an arbitrarily long User-Agent string, which causes the event loop, and with it the server, to block. This affects Useragent 2.1.12 and earlier.
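A length check in front of a regex-based parser keeps an oversized header from ever reaching the regular expressions. The following is an added example, not code from Useragent or from this advisory; `MAX_UA_LENGTH`, `SAMPLE_PATTERN`, `sampleParse` and the sample headers are assumptions constructed for illustration.

```javascript
// Added example, not code from the useragent package.
const MAX_UA_LENGTH = 512; // assumed cap for illustration; tune to your traffic

// Constructed stand-in for a parser regex. With no "/" in the input, a
// backtracking engine retries from every start offset, so the cost of a
// failed match can grow much faster than the input length.
const SAMPLE_PATTERN = /[a-z]+\/\d/;

// Hypothetical parser: stands in for any regex-based User-Agent parser.
function sampleParse(ua) {
  return SAMPLE_PATTERN.test(ua) ? 'known' : 'other';
}

// Validate the header before any regex sees it.
function boundedUserAgent(headers, max = MAX_UA_LENGTH) {
  const ua = headers['user-agent'];
  if (typeof ua !== 'string' || ua.length === 0) {
    return { ok: false, reason: 'missing' };
  }
  if (ua.length > max) {
    return { ok: false, reason: 'too-long', length: ua.length };
  }
  return { ok: true, value: ua };
}

// Run the parser only on bounded input; oversized headers never reach it.
function parseWithGuard(headers, parse = sampleParse) {
  const checked = boundedUserAgent(headers);
  return checked.ok ? parse(checked.value) : 'rejected:' + checked.reason;
}

// Time one unguarded parse, in milliseconds, to see how cost scales with length.
function timeParse(ua, parse = sampleParse) {
  const start = performance.now();
  parse(ua);
  return performance.now() - start;
}

// Constructed inputs: one ordinary header and one oversized header.
const normal = { 'user-agent': 'mozilla/5.0 (x11; linux x86_64) firefox/115.0' };
const oversized = { 'user-agent': 'a'.repeat(16000) };

console.log(parseWithGuard(normal));    // known
console.log(parseWithGuard(oversized)); // rejected:too-long
for (const n of [4000, 8000, 16000]) {
  console.log(n, timeParse('a'.repeat(n)).toFixed(1) + ' ms unguarded');
}
```

The printed timings depend on the JavaScript engine and machine; the guard's result does not.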
Remediation
References
https://nodesecurity.io/advisories/312