ReDoS via long UserAgent headerua-parser
Affected versions of
ua-parser are vulnerable to regular expression denial of service when given a specially crafted
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as useragent.
publishedAdvisory publishedAug 29th, 2017
reportedInitial report by Adam BaldwinMar 6th, 2017