Description
The useragent package parses User-Agent headers, using several regular expressions to do so. An attacker can set their own request headers to send an arbitrarily long User-Agent string, and matching it against those expressions blocks the event loop and therefore the server. This affects useragent 2.1.12 and earlier.
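Because the blocking depends on the length of the string, bounding the header before any regex-based parser sees it keeps the work per request small. The following is an added example, not code from the useragent project or from this advisory. The 512-character cap, the function names and the stand-in parser are all assumptions.

```javascript
// Added example, not code from the useragent project.
// MAX_UA_LENGTH, checkUserAgent, uaGuard and standInParse are assumed names.
const MAX_UA_LENGTH = 512; // assumed cap; tune it to the traffic you actually see

// Decide whether a raw header value is safe to hand to a regex-based parser.
function checkUserAgent(raw, maxLen = MAX_UA_LENGTH) {
  const value = Array.isArray(raw) ? raw[0] : raw; // tolerate array-valued headers
  if (typeof value !== 'string' || value.length === 0) {
    return { ok: false, reason: 'missing' };
  }
  if (value.length > maxLen) {
    return { ok: false, reason: 'too_long', length: value.length };
  }
  return { ok: true, value };
}

// Connect/Express-style middleware: the parser only ever sees bounded input.
function uaGuard(parse, maxLen = MAX_UA_LENGTH) {
  return function (req, res, next) {
    const check = checkUserAgent(req.headers['user-agent'], maxLen);
    if (check.ok) {
      req.agent = parse(check.value);
    } else {
      // Skip parsing and record why, so oversized headers can be logged or alerted on.
      req.agent = { family: 'Other', skipped: check.reason };
    }
    next();
  };
}

// Stand-in for the real parser (hypothetical); counts how often it runs.
let parseCalls = 0;
function standInParse(ua) {
  parseCalls += 1;
  const m = /(Firefox|Chrome)\/(\d+)/.exec(ua);
  return m ? { family: m[1], major: m[2] } : { family: 'Other' };
}

// Constructed requests: an ordinary header, an oversized one, and a missing one.
function demo() {
  parseCalls = 0;
  const guard = uaGuard(standInParse);
  const normal = { headers: { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0' } };
  const huge = { headers: { 'user-agent': 'A'.repeat(100000) } };
  const none = { headers: {} };
  for (const req of [normal, huge, none]) guard(req, {}, () => {});
  return { normal: normal.agent, huge: huge.agent, none: none.agent, parseCalls };
}
```

In `demo()` the parser runs once for three requests; the oversized and missing headers never reach a regular expression.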
Remediation
References
https://nodesecurity.io/advisories/312