Regular Expression Denial Of Service (ReDoS)

websocket-extensions is vulnerable to regular expression denial of service ReDoS. A regex backtracking is introduced due to the way the parser processes the Sec-WebSocket-Extensions header, using up quadratic time in a single-threaded server when an unclosed string parameter with repeating two-by...