CVE-2017-16030

EUVD-2018-0302
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
useragent_projectuseragent
𝑥
≤ 2.1.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://nodesecurity.io/advisories/312
https://nodesecurity.io/advisories/312