Regular Expression Denial of Service
Specifically crafted long headers or uris can cause a minor denial of service when using hawk versions less than 4.1.1.
"The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time."
- Updated to include fix in 3.1.3
Update to hawk version 4.1.1 or greater.