Addressable Project Addressable vulnerabilities
2 known vulnerabilities affecting addressable_project/addressable.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2026-35611 | HIGH | ≥ 2.3.0, < 2.9.0 | 2026-04-08
CVE-2026-35611 [HIGH] CWE-1333 Addressable has a Regular Expression Denial of Service in Addressable templates
### Impact
Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking:
1. Templates using the `*` (explode) modifier with any expansion operator (e.g., `{foo*}`, `{+var*}`, `{#var*}`, `{/var*}`, `{.var*}`, `{;var*
Sources: GHSA, OSV
CVE-2021-32740 | HIGH | CVSS 7.5 | ≥ 2.3.0, < 2.8.0 | 2021-07-06
CVE-2021-32740 [HIGH] CWE-400 CVE-2021-32740: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standa
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leadi
Sources: GHSA, NVD, OSV