Description
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.
Remediation
References
https://github.com/JefferyHus/es6-crawler-detect/pull/27
https://snyk.io/vuln/SNYK-JS-ES6CRAWLERDETECT-1051529
Related Vulnerabilities
CVE-2020-26302 Vulnerability in maven package org.webjars.npm:is_js
CVE-2022-35917 Vulnerability in npm package @solana/pay
CVE-2022-28367 Vulnerability in maven package org.owasp.antisamy:antisamy
CVE-2022-31112 Vulnerability in npm package parse-server
CVE-2021-41251 Vulnerability in npm package @sap-cloud-sdk/core