Affected versions of ua-parser
are vulnerable to regular expression denial of service when given a specially crafted User-Agent
header.
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different, functionally equivalent package such as useragent.