diff --git a/server/notification-providers/pushdeer.js b/server/notification-providers/pushdeer.js
index 276c2f476..b1f675957 100644
--- a/server/notification-providers/pushdeer.js
+++ b/server/notification-providers/pushdeer.js
@@ -11,7 +11,8 @@ class PushDeer extends NotificationProvider {
 async send(notification, msg, monitorJSON = null, heartbeatJSON = null) {
 const okMsg = "Sent Successfully.";
 const serverUrl = notification.pushdeerServer || "https://api2.pushdeer.com";
- const url = `${serverUrl.trim().replace(/\/*$/, "")}/message/push`;
+ // capture group below is nessesary to prevent an ReDOS-attack
+ const url = `${serverUrl.trim().replace(/([^/])\/+$/, "$1")}/message/push`;
 let valid = msg != null && monitorJSON != null && heartbeatJSON != null;
diff --git a/server/notification-providers/whapi.js b/server/notification-providers/whapi.js
index 70e0fbb4c..d83dc470f 100644
--- a/server/notification-providers/whapi.js
+++ b/server/notification-providers/whapi.js
@@ -24,7 +24,7 @@ class Whapi extends NotificationProvider {
 "body": msg,
 };
- let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/\/+$/, "") + "/messages/text";
+ let url = (notification.whapiApiUrl || "https://gate.whapi.cloud/").replace(/([^/])\/+$/, "$1") + "/messages/text";
 await axios.post(url, data, config);
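Review bot: The comment added above the new `replace` call in pushdeer.js names the risk but not the mechanism, and it has typos ("nessesary", "an ReDOS-attack"); the identical pattern in the whapi.js hunk carries no comment at all. I would put `// Require a non-slash char before the trailing run so the match cannot be retried from every slash of a long run (quadratic time on a long configured URL).` above both lines. The new pattern also leaves a value that consists only of slashes untouched, where the old one reduced it to an empty string; that looks harmless here but deserves a test case alongside the long-slash-run input. The body of `send` continues outside the hunk.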
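Review bot: Unlike the pushdeer.js line, `notification.whapiApiUrl` is not trimmed before the pattern is applied, so a value with whitespace after the final slash keeps that slash because `$` no longer follows the run. Adding the trim makes the two providers agree: `(notification.whapiApiUrl || "https://gate.whapi.cloud/").trim().replace(/([^/])\/+$/, "$1")`. Since both providers now carry the same expression, a small shared helper for normalising the base URL would keep any later fix to this pattern in one place. The enclosing method starts and ends outside the hunk.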