[uri-template-lite] uri-template-lite Regular Expression Denial of Service

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the “URI.expand” method. A fix is available on the main branch of the repository.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-43309
• https://research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351/
• https://github.com/litejs/uri-template-lite/commit/cbeec2b2a275d819fb534137a155df14729706f8
• https://github.com/advisories/GHSA-chw2-6c7r-37p7