Description
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators.
Remediation
References
https://github.com/JefferyHus/es6-crawler-detect/pull/27
https://snyk.io/vuln/SNYK-JS-ES6CRAWLERDETECT-1051529
Related Vulnerabilities
CVE-2021-24122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-25967 Vulnerability in npm package eta
CVE-2020-36048 Vulnerability in npm package engine.io
CVE-2017-1000189 Vulnerability in npm package ejs
CVE-2022-43425 Vulnerability in maven package io.jenkins.plugins:custom-checkbox-parameter