Description
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed.
Recommendation
Update the useragent package to the latest compatible version. Version details:
- Affected version(s): <= 2.1.12
- Patched version(s): 2.1.13
References
Related Issues
- method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header - CVE-2017-16136
- ReDoS via long string of semicolons in tough-cookie - CVE-2016-1000232
- ReDoS in Sec-Websocket-Protocol header - CVE-2021-32640
- angular vulnerable to regular expression denial of service (ReDoS) - CVE-2022-25844
Tags: npm, useragent
Last updated on September 06, 2023