How severe is CVE-2023-26104?

CVE-2023-26104 has a CVSS v3 score of 7.5 (HIGH).

CVE-2023-26104

Name: lite-web-server
Author: lite-web-server_project

7.5HIGH

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to

Publicado: 2/25/2023Actualizado: 3/11/2025

Descripción

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

Análisis IAImpulsado por IA

Productos Afectados

lite-web-server_projectlite-web-server

Referencias

https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
ExploitThird Party Advisory
https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
Third Party Advisory
https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
ExploitThird Party Advisory
https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
Third Party Advisory