Exponential ReDoS in hawk leads to denial of service
hawk (,9.0.1), fixed in 9.0.1
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the hawk npm package, when an attacker is able to supply arbitrary input to the Hawk.utils.parseHost method
'\t:0\r\n' + '\t\r\n\t\r\n'.repeat(i) + '\rA'
No mitigations are supplied for this issue