Описание
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.12 (включая)
cpe:2.3:a:useragent_project:useragent:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 62%
0.00433
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
redhat
почти 9 лет назад
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
EPSS
Процентиль: 62%
0.00433
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-400
NVD-CWE-noinfo