CVE-2022-25940

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
snykCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
lite-server_projectlite-server
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/lirantal/832382155e00da92bfd8bb3adea474eb
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617
https://security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540
https://gist.github.com/lirantal/832382155e00da92bfd8bb3adea474eb
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617
https://security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540