Vulnerability Description
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
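The failure mode described above, handled defensively, as an added example that is not lite-web-server's own code: decodeURI() throws a URIError on malformed percent-encoding, and an uncaught throw inside a request handler ends the Node.js process. The names safeDecodePath and handleRequest and the sample paths are assumptions constructed for illustration.

```javascript
// Added example (hypothetical helper names; not code from lite-web-server).
// Decode the request path without letting a URIError escape the handler.
function safeDecodePath(rawUrl) {
  // Only the path is decoded here; the query string is left to its own parser.
  const pathOnly = String(rawUrl).split("?")[0];
  let decoded;
  try {
    decoded = decodeURI(pathOnly);
  } catch (err) {
    if (err instanceof URIError) {
      return { ok: false, status: 400, reason: "malformed percent-encoding" };
    }
    throw err; // anything else is a real bug and should surface
  }
  // Reject decoded control characters before the path reaches the filesystem.
  if (/[\u0000-\u001f\u007f]/.test(decoded)) {
    return { ok: false, status: 400, reason: "control character in path" };
  }
  return { ok: true, path: decoded };
}

// Request handler shaped for http.createServer(handleRequest).
// Returns the status code it sent so the behaviour can be checked offline.
function handleRequest(req, res) {
  const result = safeDecodePath(req.url);
  if (!result.ok) {
    res.writeHead(result.status, { "Content-Type": "text/plain" });
    res.end("Bad Request");
    return result.status;
  }
  res.writeHead(200, { "Content-Type": "text/plain" });
  res.end("would serve " + result.path);
  return 200;
}

// Constructed sample requests, run against a stand-in response object.
const fakeRes = { writeHead() {}, end() {} };
for (const url of ["/index.html", "/docs/%E0%A4%A", "/a%00b"]) {
  console.log(url, "->", handleRequest({ url }, fakeRes));
}
```

The same pattern applies to decodeURIComponent(), which throws the same URIError on malformed input.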
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lite-Web-Server Project | Lite-Web-Server | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde (Exploit, Third Party Advisory)
- https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274 (Broken Link)
- https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703 (Third Party Advisory)
FAQ
What is CVE-2023-26104?
CVE-2023-26104 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to ...
How severe is CVE-2023-26104?
CVE-2023-26104 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-26104?
Check the references section above for vendor advisories and patch information. Affected products include: Lite-Web-Server Project Lite-Web-Server.