Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method.
Remediation
References
https://research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351/
https://github.com/litejs/uri-template-lite/compare/v22.1.0...v22.9.0
Related Vulnerabilities
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-java
CVE-2021-3647 Vulnerability in npm package urijs
CVE-2017-18353 Vulnerability in npm package rendertron-middleware
CVE-2017-16170 Vulnerability in npm package liuyaserver
CVE-2021-21695 Vulnerability in maven package org.jenkins-ci.main:jenkins-core