CVE-2017-16030: Improper Input Validation

June 4, 2018 (updated October 9, 2019)

Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block.

References

nvd.nist.gov/vuln/detail/CVE-2017-16030

Code Behaviors & Features

Detect and mitigate CVE-2017-16030 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →