CVE-2018-20164: ReDoS
(updated )
The programming library UA-Parser uses regular expressions to identify user agent strings. An attacker can craft special patterns that keep the server busy for a long time. By sending many requests in short order, an attacker can exhaust the amount of processing power available.
References
Detect and mitigate CVE-2018-20164 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →