Description
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed.
Recommendation
Update the useragent package to the latest compatible version. Followings are version details:
- Affected version(s): <= 2.1.12
- Patched version(s): 2.1.13
References
Related Issues
- Mammoth is vulnerable to Directory Traversal - CVE-2025-11849
- Cross Site Scripting vulnerability in store2 - CVE-2024-57556
- json-logic-js Command Injection vulnerability - CVE-2021-4329
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- Tags:
- npm
- useragent
Anything's wrong? Let us know Last updated on September 06, 2023