Some particularly crafted IRIs can cause a denial of service (DOS).
IRIs which have a trailing `..' segment and resolve to a valid IRI
(i.e. a .. that's not escaping the root directory) will make the
server process loop forever.
This is """just""" an DOS vulnerability, it doesn't expose anything
sensitive or give an attacker anything else.