Vulnerability Details CVE-2023-26104
All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 7.5
References
- https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
- https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
- https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
- https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde
- https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274
- https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703
Products affected by CVE-2023-26104
-
cpe:2.3:a:lite-web-server_project:lite-web-server:-