Description

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.

Remediation

References

https://nodesecurity.io/advisories/316

Related Vulnerabilities

CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-embedded

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2017-16220 Vulnerability in npm package wind-mvc

CVE-2016-8750 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules

CVE-2016-10568 Vulnerability in npm package geoip-lite-country

Severity

High

Classification

CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory