Why can ReDoS do a lot of damage to JS web servers?
Two researchers from the University of Darmstadt, Germany, Cristian Alexandru Staicu and Michael Pradel, found 25 previously unknown vulnerabilities in Node.js modules.
A crafted payload can cause a vulnerable server to freeze for several minutes while it tries to match the payload against a regular expression in order to decide what to do with it; because Node.js runs JavaScript on a single thread, a regex match that takes minutes blocks every other request for that time.
How many libraries were affected?
The researchers scanned 2,846 popular Node.js libraries; over 300 of them were found to contain ReDoS vulnerabilities.