GMS-2017-108: ReDoS via long UserAgent header

February 6, 2017

An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block.

References

github.com/3rd-Eden/useragent/commit/64b15c9446a24abd9f52ed4ceb970f1a5cf790dd

Code Behaviors & Features

Detect and mitigate GMS-2017-108 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →