diff --git a/packages/ejson/ejson.js b/packages/ejson/ejson.js
index d8d0cb9471..fd7a9d4929 100644
--- a/packages/ejson/ejson.js
+++ b/packages/ejson/ejson.js
@@ -105,8 +105,11 @@ var builtinConverters = [
       return { $regexp: regexp.source, $flags: regexp.flags };
     },
     fromJSONValue: function (obj) {
-      //replaces duplicate / invalid flags
-      return new RegExp(obj.$regexp, obj.$flags.replace(/[^gimuy]/g,'').replace(/(.)(?=.*\1)/g, ''));
+      // replaces duplicate / invalid flags
+      // cut of flags to 50 chars to avoid abusing regex for DOS
+      return new RegExp(obj.$regexp, obj.$flags.substr(0, 50)
+                                               .replace(/[^gimuy]/g,'')
+                                               .replace(/(.)(?=.*\1)/g, ''));
     }
   },
   { // NaN, Inf, -Inf. (These are the only objects with typeof !== 'object'