Vulnerabilities > CVE-2022-25940 - Unspecified vulnerability in Lite-Server Project Lite-Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

lite-server-project

NVD

Published: 2022-12-20

Updated: 2022-12-29

Summary

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

Vulnerable Configurations

Part	Description	Count
Application	Lite-Server_Project Lite Server Project Lite Server -	1

References

https://security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617
https://gist.github.com/lirantal/832382155e00da92bfd8bb3adea474eb