CVE-2020-26311: useragent Regular Expression Denial of Service vulnerability
Useragent is a user agent parser for Node.js. All versions as of the time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS).
References
- github.com/3rd-Eden/useragent
- github.com/3rd-Eden/useragent/blob/ffa906f923183c85fbb9e6c90f19345e2bd3c52a/lib/regexps.js
- github.com/3rd-Eden/useragent/commit/4c3ee79358bea72d88fe78ac98f4f861db40b89b
- github.com/3rd-Eden/useragent/issues/167
- github.com/advisories/GHSA-mgfv-m47x-4wqp
- nvd.nist.gov/vuln/detail/CVE-2020-26311
- securitylab.github.com/advisories/GHSL-2020-312-redos-useragent