The ReDoS vulnerability of the regex is mainly due to the sub-pattern `[a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+`.
This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | pypi/jinja2 | lt | 2.11.3 |
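
To check a dependency file against the affected range in the table above, the following added example (not part of the original advisory or of the Jinja2 project) flags jinja2 requirements pinned below 2.11.3. The sample requirements text is constructed, and the status labels `affected`, `ok` and `review` are names chosen for this illustration; it assumes pip-style requirement lines and handles exact pins with plain or pre-release versions only.

```python
import re

FIXED = (2, 11, 3)  # first unaffected release, from the table above (pypi/jinja2 lt 2.11.3)

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
flask==1.1.2
Jinja2==2.10.1
jinja2==2.11.3
jinja2>=2.10,<3.0
markupsafe==1.1.1
"""

# project name, optional [extras], then whatever version specifier follows
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\]\s*)?(.*)$")
# exact pin: release digits plus an optional pre-release tag such as rc1
_PIN = re.compile(r"^===?\s*(\d+(?:\.\d+)*)((?:\.?(?:a|b|rc|dev)\d*)?)$", re.I)


def release_tuple(release):
    """'2.11' -> (2, 11, 0) so that short versions compare correctly."""
    parts = [int(p) for p in release.split(".")]
    parts += [0] * (len(FIXED) - len(parts))
    return tuple(parts)


def audit(requirements_text):
    """Return (line number, line, status) for every jinja2 requirement."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        # drop comments, environment markers and per-line options such as --hash
        line = raw.split("#", 1)[0].split(";", 1)[0].split(" --", 1)[0].strip()
        m = _REQ.match(line)
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "jinja2":
            continue
        pin = _PIN.match(m.group(2).strip())
        if pin is None:
            status = "review"  # range or no specifier: check the resolved version
        else:
            release, pre = release_tuple(pin.group(1)), bool(pin.group(2))
            # a pre-release of 2.11.3 sorts before 2.11.3, so it is still "lt"
            status = "affected" if release < FIXED or (release == FIXED and pre) else "ok"
        findings.append((lineno, raw.strip(), status))
    return findings


if __name__ == "__main__":
    for lineno, line, status in audit(SAMPLE):
        print(f"line {lineno}: {status:8} {line}")
```

A `review` result means the line does not fix one version, so the version actually installed (for example from a lock file) has to be compared against 2.11.3 instead.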