GHSA-pmg9-p9r2-6q87
GitHub Security Advisory
ReDoS via long UserAgent header in ua-parser
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
Affected versions of `ua-parser` are vulnerable to regular expression denial of service when given a specially crafted `User-Agent` header.
## Recommendation
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as [useragent](https://www.npmjs.com/package/useragent).
Affected Packages
npm
ua-parser
Affected versions:
0
(last affected: 0.3.5)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 4, 2025 6:27 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.