The host is installed with Node.js 4.x before 4.9.0 and is prone to a regular expression denial of service vulnerability. A flaw is present in the application which fails to handle the regular expression, splitPathRe, used within the 'path' module for the various path parsing functions. Successful exploitation allows an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.