uri-template-lite is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the expandRe
attribute in index.js
, allowing an attacker to crash the application by providing a malicious input through the URI.expand
method.