Description
ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header.
Recommendation
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid this package and use a different, functionally equivalent package such as useragent instead.
Packages
Name: ua-parser (npm)
Affected versions: <= 0.3.5
Fixed version: None
Related vulnerabilities
CVSS3: 7.5
nvd
more than 7 years ago
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.