CVE-2023-26104
7.5HIGHAll versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to
Publicado: 2/25/2023Atualizado: 3/11/2025
Descrição
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Análise IADesenvolvido por IA
Produtos Afetados
lite-web-server_projectlite-web-server
-
Referências
- https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bdeExploitThird Party Advisory
- https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274Broken Link
- https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703Third Party Advisory
- https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bdeExploitThird Party Advisory
- https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274Broken Link
- https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703Third Party Advisory