Vulnerability Description
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
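A defensive pattern for the failure described above, as an added example that is not lite-server's own code: `decodeURI()` throws a `URIError` on malformed percent-escapes, and an unhandled exception in a request handler can terminate a Node.js process. The function names, the `decodedPath` property and the sample URLs are assumptions made for illustration.

```javascript
// Added example; safeDecodePath and rejectMalformedUri are hypothetical names.

// Decode a request path without letting URIError escape to the caller.
// decodeURI() throws URIError on malformed percent-escapes or invalid UTF-8.
function safeDecodePath(rawUrl) {
  const path = String(rawUrl).split('?')[0]; // drop the query string
  try {
    return { ok: true, path: decodeURI(path) };
  } catch (err) {
    if (err instanceof URIError) return { ok: false, path: null };
    throw err; // anything else is a real bug; do not swallow it
  }
}

// Connect-style middleware (req, res, next): answer 400 for undecodable
// paths instead of letting the exception reach the process.
function rejectMalformedUri(req, res, next) {
  const result = safeDecodePath(req.url);
  if (!result.ok) {
    res.statusCode = 400;
    res.end('Bad Request');
    return;
  }
  req.decodedPath = result.path; // hypothetical property for later handlers
  next();
}

// Exercise the middleware with a minimal fake request/response pair.
function simulate(url) {
  const req = { url };
  const res = { statusCode: 200, body: null, end(b) { this.body = b; } };
  let passed = false;
  rejectMalformedUri(req, res, () => { passed = true; });
  return { status: res.statusCode, passed, decoded: req.decodedPath };
}

// Constructed sample requests: one well-formed, one with a truncated escape.
console.log(simulate('/docs/caf%C3%A9.html?x=1'));
console.log(simulate('/%E0%A4%A'));
```

Registering such a guard ahead of any handler that decodes the URL keeps a single malformed request from taking the server down.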
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lite-Server Project | Lite-Server | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/lirantal/832382155e00da92bfd8bb3adea474eb (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617 (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-25940?
CVE-2022-25940 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
How severe is CVE-2022-25940?
CVE-2022-25940 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-25940?
Check the references section above for vendor advisories and patch information. Affected products include: Lite-Server Project Lite-Server.