Regular Expression Denial of Service (ReDoS)
Affecting useragent package, versions <2.1.12
useragent allows you to parse user agent strings with high accuracy by using hand-tuned, dedicated regular expressions for browser matching.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. A malicious user could cause the server to block by sending request headers that contain an arbitrarily long user agent string.
Upgrade useragent to version 2.1.12 or higher.
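As defense in depth alongside the upgrade, the User-Agent header can be length-checked before any regex-based parser sees it. The following is an added example, not code from the useragent project; `guardedParse`, `MAX_UA_LENGTH`, the 512-character limit and the stand-in parser are assumptions, and in a real service the `parse` argument would be the library's `useragent.parse`.

```javascript
// Added example: bound the User-Agent header before regex-based parsing.
// MAX_UA_LENGTH is an assumed limit; tune it to the longest legitimate
// user agent string your own traffic contains.
const MAX_UA_LENGTH = 512;

// headers: lower-cased header map (as in Node's req.headers).
// parse:   the parser to protect, e.g. useragent.parse.
// Returns a decision object so the caller can log or reject the request.
function guardedParse(headers, parse, maxLength = MAX_UA_LENGTH) {
  const raw = headers['user-agent'];
  // Some frameworks expose repeated headers as arrays; take the first value.
  const ua = Array.isArray(raw) ? raw[0] : raw;

  if (typeof ua !== 'string' || ua.length === 0) {
    return { ok: true, agent: null, reason: 'missing', length: 0 };
  }
  if (ua.length > maxLength) {
    // Never hand the oversized string to the regular expressions.
    return { ok: false, agent: null, reason: 'too-long', length: ua.length };
  }
  return { ok: true, agent: parse(ua), reason: 'parsed', length: ua.length };
}

// Stand-in parser (hypothetical) so the example runs without the package.
function standInParse(ua) {
  return { family: ua.split('/')[0] };
}

// Constructed sample requests: one ordinary, one oversized, one without the header.
function runSamples() {
  const samples = [
    { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64)' },
    { 'user-agent': 'A'.repeat(100000) },
    { host: 'example.test' },
  ];
  return samples.map((h) => guardedParse(h, standInParse).reason);
}

console.log(runSamples()); // [ 'parsed', 'too-long', 'missing' ]
```

Requests that come back with `reason: 'too-long'` are worth logging with their source address, since legitimate clients rarely send user agent strings of that size.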
- Mathias Madsen
- Snyk ID
- 06 Feb, 2017
- 16 Apr, 2017