Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZzktcDlyMi02cTg3

ReDoS via long UserAgent header in ua-parser

Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header.

Recommendation

No patch is currently available for this vulnerability.

The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as useragent.

Permalink: https://github.com/advisories/GHSA-pmg9-p9r2-6q87
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZzktcDlyMi02cTg3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 6 years ago
Updated: almost 2 years ago

Identifiers: GHSA-pmg9-p9r2-6q87, CVE-2017-16086
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-16086
• https://github.com/advisories/GHSA-pmg9-p9r2-6q87
• https://www.npmjs.com/advisories/316

Blast Radius: 0.0

Affected Packages