PT-2024-35449 · Unknown · Path-To-Regexp

Blakeembrey · Published 2024-12-05 · Updated 2025-12-17 · CVE-2024-52798

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: path-to-regexp versions 0.1.x through 0.1.11
Description: The issue concerns a performance vulnerability in path-to-regexp, where certain inputs can generate regular expressions vulnerable to backtracking, leading to poor performance. This vulnerability exists due to an incomplete fix.
Recommendations: Upgrade to version 0.1.12. As a temporary workaround, consider avoiding the use of two parameters within a single path segment when the separator is not "." (e.g., no /:a-:b). Alternatively, define the regex used for both parameters and ensure the two regexes do not overlap, so that backtracking is not possible.
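The workaround above can be turned into a check over a route table. The following is an added example, not code from the advisory or from path-to-regexp itself: it scans 0.1.x-style route strings and flags any segment holding two parameters separated by something other than ".", unless both parameters carry an explicit regex (whether those two regexes overlap still needs human review). The parameter syntax it tokenizes (":name", optional "(regex)", optional "?", "*" or "+") is an assumed, simplified form.

```javascript
// Added example: a linter for path-to-regexp 0.1.x-style route patterns that flags
// the shape the advisory's workaround warns about: two parameters in one path
// segment whose separator is not ".". Not part of path-to-regexp itself.
// Assumption: parameters look like ":name", optionally followed by a custom
// "(regex)" and a "?", "*" or "+" modifier; custom regexes with nested
// parentheses are not handled by this simplified tokenizer.
const PARAM_RE = /:(\w+)(\([^)]*\))?[?*+]?/g;

function findRiskySegments(pattern) {
  const findings = [];
  for (const segment of pattern.split('/')) {
    // Collect every parameter in this segment with its position and whether it
    // carries an explicit regex instead of the library's default matcher.
    const params = [...segment.matchAll(PARAM_RE)].map((m) => ({
      name: m[1],
      custom: m[2] !== undefined,
      start: m.index,
      end: m.index + m[0].length,
    }));
    for (let i = 1; i < params.length; i++) {
      const prev = params[i - 1];
      const cur = params[i];
      const separator = segment.slice(prev.end, cur.start);
      // A "." separator is the case the advisory excludes from the workaround.
      if (separator === '.') continue;
      // Both parameters constrained explicitly: acceptable only if the two
      // regexes cannot overlap, which a human still has to confirm.
      if (prev.custom && cur.custom) continue;
      findings.push({
        segment,
        params: [prev.name, cur.name],
        separator,
        advice: 'upgrade path-to-regexp to 0.1.12, or give both parameters non-overlapping regexes',
      });
    }
  }
  return findings;
}

// Lint a whole route table; returns one entry per risky segment found.
function lintRoutes(routes) {
  return routes.flatMap((route) =>
    findRiskySegments(route).map((finding) => ({ route, ...finding })));
}

// Example run on constructed sample routes (only the last one is reported):
console.log(lintRoutes(['/users/:id', '/files/:name.:ext', '/range/:from-:to']));
```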

Exploit · Fix

Resource Exhaustion · DoS

Weakness Enumeration

Related Identifiers

AZL-54017
AZL-54020
AZL-54036
BDU:2026-01468
CVE-2024-52798
GHSA-RHX6-C78J-4Q9W

Affected Products

Path-To-Regexp