CVE-2017-16086

EPSS 57.8%

ReDoS via long UserAgent header in ua-parser

Published: 7/24/2018Modified: 11/8/2023

Description

Affected versions of `ua-parser` are vulnerable to regular expression denial of service when given a specially crafted `User-Agent` header. ## Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as [useragent](https://www.npmjs.com/package/useragent).

Affected packages (1)

npm/ua-parserfrom 0, <= 0.3.5

References (3)

ADVISORYhttps://github.com/advisories/GHSA-pmg9-p9r2-6q87
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16086
WEBhttps://www.npmjs.com/advisories/316