JavaScript web apps and web servers are susceptible to a specific type of vulnerabilities/attacks known as regular expression (regex) denial of service (ReDoS).
These vulnerabilities take place when an attacker sends large and complex pieces of text to the open input of a JavaScript-based web server or app.
If the server component or an app library is not specifically designed to handle various edge cases, the attacker’s input can end up blocking the entire app or server for seconds or minutes at a time, while the server analyzes and pattern-matches the input.
Source :www.bleepingcomputer.com