CVE-2022-29167
CVE-2022-29167 concerns Hawk’s Host header parsing: Hawk.utils.parseHost() used a regex that enabled a regular expression denial-of-service (ReDoS) attack. The root cause is in the parsing of the Host header, where the potential for DoS grows with input size. A patch in Hawk 9.0.1 switches to the built-in URL class to parse...
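The following is an added example, not Hawk's own code and not part of the original page, of the approach the patch is described as taking: the Host value is parsed with the built-in URL class behind a length bound instead of a hand-written regex. The names parseHostHeader and MAX_HOST_LENGTH, the 4096 limit and the sample inputs are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical bound for this example; real Host values are far shorter.
const MAX_HOST_LENGTH = 4096;

// Parse a Host header value into { name, port } using the built-in URL class.
// Returns null for anything that is not a plain host or host:port.
function parseHostHeader(hostHeader, encrypted = false) {
    if (typeof hostHeader !== 'string' || hostHeader.length === 0) {
        return null;
    }

    // Bound the work before any parsing happens.
    if (hostHeader.length > MAX_HOST_LENGTH) {
        return null;
    }

    // Reject characters that would let the value spill into other URL parts
    // (path, query, fragment, userinfo). A single character class has no
    // nested quantifiers, so this scan is linear in the input length.
    if (/[\/?#@\\\s]/.test(hostHeader)) {
        return null;
    }

    const scheme = encrypted ? 'https' : 'http';
    let url;
    try {
        url = new URL(`${scheme}://${hostHeader}`);
    } catch (err) {
        return null; // Not a valid authority, e.g. a non-numeric port.
    }

    // The URL class reports an empty port when it equals the scheme default.
    const port = url.port ? Number(url.port) : (encrypted ? 443 : 80);
    return { name: url.hostname, port };
}

// Constructed sample inputs:
console.log(parseHostHeader('example.com:8080'));
console.log(parseHostHeader('[::1]:8443', true));
console.log(parseHostHeader('a'.repeat(100000)));
```

The length check runs first, so an oversized header is rejected in constant time regardless of its content.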