How severe is CVE-2023-26104?

CVE-2023-26104 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-26104

Name: lite-web-server
Author: lite-web-server_project

7.5HIGH

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to

Published: 2/25/2023Updated: 3/11/2025

Description

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

AI AnalysisPowered by AI

Affected Products

lite-web-server_projectlite-web-server

References

https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
ExploitThird Party Advisory
https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
Third Party Advisory
https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
ExploitThird Party Advisory
https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
Third Party Advisory