| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| useragent | npm | <= 2.3.0 | |

The vulnerability stems from a ReDoS-prone regex in `lib/regexps.js`, specifically the HbbTV device detection pattern. The security advisory explicitly references line 5568 in this file, and the commit 4c3ee79 shows `regexps.js` was modified to address this. The regex's structure (`.*` nested under a quantifier) creates exponential time complexity for malicious inputs, as demonstrated in the PoC. While no function name is explicitly given, the regex itself is the vulnerable component within the device parsing logic.
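
The structure described above (an unbounded quantifier such as `.*` inside a group that is itself quantified) can be flagged statically before a pattern ships. The following is an added example, not code from the useragent project: the function names and sample patterns are constructed for illustration, and the check is a heuristic that reports candidates for review rather than proving exponential behaviour.

```javascript
// Heuristic linter: report quantified groups that contain an unbounded
// quantifier (star height > 1), the shape the advisory text describes.
// Sample patterns below are constructed; none is copied from lib/regexps.js.

// Length of an unbounded quantifier starting at src[i], or 0 if none.
function unboundedQuantifierAt(src, i) {
  if (src[i] === '*' || src[i] === '+') return 1;
  const m = /^\{\d+,\}/.exec(src.slice(i)); // {n,} has no upper bound
  return m ? m[0].length : 0;
}

// Returns [{start, end, text}] for each flagged group in a regex source string.
function findNestedQuantifiers(src) {
  const findings = [];
  const stack = []; // open groups: {start, inner}
  let inClass = false;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (c === '\\') { i++; continue; } // skip the escaped character
    if (inClass) { if (c === ']') inClass = false; continue; }
    if (c === '[') { inClass = true; continue; }
    if (c === '(') { stack.push({ start: i, inner: false }); continue; }
    if (c === ')') {
      const g = stack.pop();
      if (!g) continue; // unbalanced source, ignore
      const q = unboundedQuantifierAt(src, i + 1);
      if (q && g.inner) {
        findings.push({ start: g.start, end: i + q, text: src.slice(g.start, i + 1 + q) });
      }
      // A group that holds, or is repeated by, an unbounded quantifier
      // marks its enclosing group as containing one.
      if ((g.inner || q) && stack.length) stack[stack.length - 1].inner = true;
      i += q;
      continue;
    }
    const q = unboundedQuantifierAt(src, i);
    if (q) {
      if (stack.length) stack[stack.length - 1].inner = true;
      i += q - 1;
    }
  }
  return findings;
}

// Constructed samples: the first has `.*` under a quantified group, the second does not.
for (const p of ['(?:foo.*bar)+baz', '^Mozilla/\\d+\\.\\d+ \\(([^;)]*)\\)']) {
  console.log(p, '->', findNestedQuantifiers(p).map(f => f.text));
}
```

Running this over every pattern in a parser's regex table gives a short list to review by hand or to rewrite with bounded or non-overlapping alternatives.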