
GHSA-pmg9-p9r2-6q87

GitHub Security Advisory

ReDoS via long UserAgent header in ua-parser

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Affected versions of `ua-parser` are vulnerable to regular expression denial of service when given a specially crafted `User-Agent` header.

## Recommendation

No patch is currently available for this vulnerability.

The best mitigation is currently to avoid this package and use a different, functionally equivalent package such as [useragent](https://www.npmjs.com/package/useragent).

Affected Packages

npm ua-parser
Affected versions: 0 (last affected: 0.3.5)

Related CVEs

Key Information

GHSA ID: GHSA-pmg9-p9r2-6q87
Published: July 24, 2018 7:46 PM
Last Modified: January 8, 2021 6:20 PM
CVSS Score: 7.5/10
Primary Ecosystem: npm
Primary Package: ua-parser
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.