CVE-2023-26104

Published: Feb 25, 2023Modified: Mar 11, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

Affected (1)

Products: Lite Web Server Project: Lite Web Server

Lite Web Server Project

1 product

Lite Web Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lite Web Server Project Lite Web Server	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde

Source: report@snyk.io

ExploitThird Party Advisory

https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274

Source: report@snyk.io

Broken Link

https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703

Source: report@snyk.io

Third Party Advisory

https://gist.github.com/lirantal/637520812da06fffb91dd86d02ff6bde

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/chasyumen/lite-web-server/blob/main/src/WebServer.js%23L274

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://security.snyk.io/vuln/SNYK-JS-LITEWEBSERVER-3153703

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.