Exponential ReDoS in uri-template-lite leads to denial of service
uri-template-lite
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the URI.expand() method.
The vulnerable regular expression can be found at "/package/index.js":
\{([#&+.\/;?]?)((?:[-\w%.]+(\*|:\d+)?,?)+)\}
Input that triggers the exponential backtracking:
'{0' + '0'.repeat(1000)
No mitigations are supplied for this issue.
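Added example, not code from the advisory or from the uri-template-lite project: the pattern quoted above next to a stricter rewrite that requires a comma between variables, timed on short unterminated inputs of the same shape as the one shown. The names HARDENED, unterminated, timeMatch, parse and report are assumptions made here, and the rewrite is one possible fix, not the maintainers'.

```javascript
// Added example; nothing here is taken from the package source except the
// pattern the advisory quotes. Uses the global `performance` (Node 16+).

// The inner group ends in an optional comma, so a run of name characters can
// be split between iterations of the outer `+` in exponentially many ways
// before the engine can report that the closing `}` is missing.
const VULNERABLE = /\{([#&+.\/;?]?)((?:[-\w%.]+(\*|:\d+)?,?)+)\}/;

// Assumed rewrite (not the project's fix): every variable after the first
// must be introduced by a comma, which leaves exactly one way to split the
// list. Stricter than the original: `{a,}` and `{a*b}` no longer match.
const HARDENED = /\{([#&+.\/;?]?)([-\w%.]+(?:\*|:\d+)?(?:,[-\w%.]+(?:\*|:\d+)?)*)\}/;

// Same shape as the advisory's input: an opening brace, then zeros, no `}`.
function unterminated(zeros) {
  return '{0' + '0'.repeat(zeros);
}

// Milliseconds spent on one match attempt.
function timeMatch(re, input) {
  const start = performance.now();
  re.exec(input);
  return performance.now() - start;
}

// Operator and variable list captured from a template, or null if no match.
function parse(re, template) {
  const m = re.exec(template);
  return m ? { operator: m[1], vars: m[2] } : null;
}

function report() {
  // Sizes kept small on purpose: each extra character roughly doubles the time.
  for (const n of [16, 18, 20, 22]) {
    const ms = timeMatch(VULNERABLE, unterminated(n));
    console.log(`vulnerable, ${n} zeros: ${ms.toFixed(1)} ms`);
  }
  const ms = timeMatch(HARDENED, unterminated(1000));
  console.log(`hardened, 1000 zeros: ${ms.toFixed(3)} ms`);
  // Constructed sample template to show that valid input still parses.
  console.log(parse(HARDENED, '/search{?q,page:2,tags*}'));
}

report();
```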