@6en6ar
Created February 14, 2024 22:36
Security issue inside urlite through version v.3.1.0
The regex defined on line 1 of https://github.com/alanclarke/urlite/blob/master/lib/pattern.js in the npm package "urlite"
(https://www.npmjs.com/package/urlite) is vulnerable to Regular Expression Denial of Service (ReDoS) when a long, maliciously crafted input is
provided to an application that uses it to parse a URL. When the malicious payload is passed to the parsing
function, the application hangs for an indefinite amount of time, causing a denial of service.
If more requests are sent using the same payload, it can result in
a distributed denial of service, potentially rendering the service unavailable.
Payload that was used:
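var urlite = require('urlite')
// '//:' followed by 90000 repetitions of tab-colon-tab and a trailing tab
var payload = '//:' + '\t:\t'.repeat(90000) + '\t'
var parsed = urlite.parse(payload)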
This causes a 17-second delay while the function processes the input.
The delay can be increased, since there is no limit on the input length.
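
Since the delay grows with input length, a caller can bound what reaches the parser. The guard below is an added example, not code from the gist or from urlite: MAX_URL_LENGTH (an assumed cap of 2048), checkUrlInput and safeParse are names chosen here, and a stand-in parser replaces urlite.parse so the block runs offline.

```javascript
// Added example: pre-parse guard for untrusted URL strings.
// MAX_URL_LENGTH, checkUrlInput and safeParse are names chosen here, not urlite APIs.
const MAX_URL_LENGTH = 2048; // assumed cap; tune to the application

function checkUrlInput(input, maxLength = MAX_URL_LENGTH) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  // Length is checked first so the cost of every later step is bounded.
  if (input.length > maxLength) return { ok: false, reason: 'too-long' };
  // Single character class, no nesting: this test runs in linear time.
  if (/[\u0000-\u001f\u007f]/.test(input)) return { ok: false, reason: 'control-char' };
  return { ok: true, reason: null };
}

// parseFn is whatever parser the application uses (for example urlite.parse).
function safeParse(parseFn, input, maxLength = MAX_URL_LENGTH) {
  const verdict = checkUrlInput(input, maxLength);
  if (!verdict.ok) throw new RangeError('URL rejected: ' + verdict.reason);
  return parseFn(input);
}

// Constructed demo with a stand-in parser so the block runs without urlite installed.
function demo() {
  let parserCalls = 0;
  const standInParse = (s) => { parserCalls += 1; return { href: s }; };
  const inputs = [
    'https://example.com/path?q=1#frag',   // ordinary URL
    '//:' + '\t:\t'.repeat(90000) + '\t',   // payload from the advisory
    '//:' + '\t:\t'.repeat(100) + '\t',     // same shape, under the length cap
  ];
  const results = inputs.map((input) => {
    try { safeParse(standInParse, input); return 'parsed'; }
    catch (err) { return err.message; }
  });
  return { results, parserCalls };
}

console.log(demo());
```

The guard only limits what is handed to the parser; it does not change the pattern in lib/pattern.js.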