The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.