CVE-2017-16086
EPSS 57.8%ReDoS via long UserAgent header in ua-parser
發布日:2018/7/24修改日:2023/11/8
描述
Affected versions of `ua-parser` are vulnerable to regular expression denial of service when given a specially crafted `User-Agent` header. ## Recommendation No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as [useragent](https://www.npmjs.com/package/useragent).
受影響套件(1)
- npm/ua-parserfrom 0, <= 0.3.5