node
is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists in the path
module of Node.js 4.x releases that contains a bad regex defined in splitPathRe
that causes ReDoS attacks when parsing malicious paths.