PT-2022-11821 · Npm · Uri-Template-Lite
Denys Vozniuk · Published 2022-08-24 · Updated 2023-07-18 · CVE-2021-43309
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
uri-template-lite npm package (affected versions not specified)
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the URI.expand method. The vulnerability allows an attacker to cause a denial of service by forcing the regular expression engine into exponential-time matching on crafted input.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the input to the URI.expand method so that arbitrary attacker-controlled input is not processed.
Exploit
DoS
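One way to apply the workaround above is to validate and bound every template and variable value before it reaches URI.expand. The guard below is an added example, not code from the advisory or from the uri-template-lite project; it assumes the `expand(template, values)` call signature, and the length limits and the template character allowlist are illustrative choices that an application would tune to its own URI templates. A stub expander is included so the block runs offline; in a real application pass `require('uri-template-lite').URI.expand` instead.

```javascript
// Illustrative limits (assumption): tight enough to cap the work a single
// call can do, wide enough for typical RFC 6570 templates and values.
const DEFAULT_LIMITS = { maxTemplateLength: 256, maxValueLength: 512, maxVars: 32 };

// Conservative template allowlist (assumption): unreserved and reserved URI
// characters plus the {} expression delimiters. It is a single anchored
// character class, so this check itself runs in linear time.
const TEMPLATE_ALLOWED = /^[A-Za-z0-9\-._~:\/?#\[\]@!$&'()*+,;=%{}]*$/;

// Returns { ok: true } or { ok: false, reason } without calling the expander.
function validateTemplateInput(template, values, limits = DEFAULT_LIMITS) {
  if (typeof template !== 'string') return { ok: false, reason: 'template must be a string' };
  if (template.length > limits.maxTemplateLength) return { ok: false, reason: 'template too long' };
  if (!TEMPLATE_ALLOWED.test(template)) return { ok: false, reason: 'template has disallowed characters' };
  if (values === null || typeof values !== 'object') return { ok: false, reason: 'values must be an object' };
  const keys = Object.keys(values);
  if (keys.length > limits.maxVars) return { ok: false, reason: 'too many variables' };
  for (const key of keys) {
    const v = values[key];
    if (typeof v === 'string' && v.length > limits.maxValueLength) {
      return { ok: false, reason: `value for "${key}" too long` };
    }
  }
  return { ok: true };
}

// Wraps an expander so that rejected input never reaches the regex engine.
// `expand` is expected to behave like uri-template-lite's URI.expand (assumption).
function guardedExpand(expand, template, values, limits = DEFAULT_LIMITS) {
  const check = validateTemplateInput(template, values, limits);
  if (!check.ok) throw new Error('URI template input rejected: ' + check.reason);
  return expand(template, values);
}

// Stand-in expander for offline demonstration only: simple {name} substitution
// with percent-encoding. It is NOT the package's implementation.
function demoExpand(template, values) {
  return template.replace(/\{([^}]+)\}/g, (_, name) =>
    encodeURIComponent(String(values[name] === undefined ? '' : values[name])));
}
```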
Related Identifiers
Affected Products
Uri-Template-Lite