Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)

Change template substitution regex to exclude fields with whitespace. This addresses possible O(n^2) catastrophic backtracking behavior. Very unlikely to be exploited. For #10002.

Author: davisjam

lib/util/interpolate.js

@@ -13,7 +13,11 @@ module.exports = (text, data) => {
  if (!data) {
  return text;
  }
- return text.replace(/\{\{\s*([^{}]+?)\s*\}\}/g, (fullMatch, term) => {
+
+ // Substitution content for any {{ }} markers.
+ return text.replace(/\{\{([^{}]+?)\}\}/g, (fullMatch, termWithWhitespace) => {
+ const term = termWithWhitespace.trim();
+
  if (term in data) {
  return data[term];
  }