Is OpenDistro/OpenSearch exposed to ReDoS attack?

Hi @searchymcsearchface ,
I’ve downloaded latest OpenSearch and built it from sources.
The issue is easily reproduced as well:

top - 11:46:43 up 50 days,  4:13,  6 users,  load average: 0.59, 0.38, 1.76
Tasks: 223 total,   1 running, 222 sleeping,   0 stopped,   0 zombie
%Cpu(s): 25.6 us,  0.3 sy,  0.0 ni, 74.1 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 16266524 total,  7994040 free,  5803556 used,  2468928 buff/cache
KiB Swap:  4063228 total,  4039932 free,    23296 used. 10108712 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
15818 ori       20   0 4217756 705716  12296 S 100.3  4.3   1:00.82 java

I will open a Github issue and update.

Thank you,
Ori.