Description
Useragent parses User-Agent headers, using several regular expressions to do so. An attacker can set their own request headers and send an arbitrarily long User-Agent string; matching it against those expressions blocks the event loop, and with it the server. This affects Useragent 2.1.12 and earlier.
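One way to keep an oversized header away from regex-based parsing, shown as an added example that is not code from the advisory or from the useragent package: reject the User-Agent value by length before any parser sees it. The 512-character cap, the function names and the stand-in parser are assumptions made for illustration.

```javascript
'use strict';

// Assumption: 512 characters comfortably covers real browser User-Agent
// strings; tune this value for the clients your service actually sees.
const MAX_UA_LENGTH = 512;

// Hypothetical stand-in for a regex-driven parser. It is NOT the useragent
// package's code; it only marks where the expensive matching would happen.
function parseUserAgent(ua) {
  const m = /(Firefox|Chrome|Safari)\/(\d+)/.exec(ua);
  return m ? { family: m[1], major: m[2] } : { family: 'Other', major: '0' };
}

// Return the header value only if it is safe to hand to the parser.
// `headers` has the shape of Node's req.headers (lower-cased keys).
function boundedUserAgent(headers, maxLength = MAX_UA_LENGTH) {
  const raw = headers['user-agent'];
  if (typeof raw !== 'string') return null;   // header missing or malformed
  if (raw.length > maxLength) return null;    // oversized: skip the regexes
  return raw;
}

// Parse with the length guard in front. Rejected input gets a fixed,
// constant-time answer, so regex matching cost stays bounded by maxLength.
function safeParse(headers, parser = parseUserAgent) {
  const ua = boundedUserAgent(headers);
  if (ua === null) {
    return { family: 'Other', major: '0', rejected: true };
  }
  return Object.assign({}, parser(ua), { rejected: false });
}
```

Logging the rejected requests (source address and header length, not the full value) gives a simple signal for spotting clients that probe with oversized headers.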
Remediation
References
https://nodesecurity.io/advisories/312