CVE-2022-25940

Summary

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

Affected Software

VendorProductVersion RangeStatus
n/alite-server0 < unspecifiedaffected

Weaknesses

  • Denial of Service (DoS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References