High severity7.5NVD Advisory· Published Dec 20, 2022· Updated Jun 17, 2026
CVE-2022-25940
CVE-2022-25940
Description
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lite-servernpm | <= 2.6.1 | — |
org.webjars.npm:lite-serverMaven | <= 2.2.0 | — |
Affected products
2- ghsa-coords2 versions
<= 2.2.0+ 1 more
- (no CPE)range: <= 2.2.0
- (no CPE)range: <= 2.6.1
Patches
Vulnerability mechanics
References
5- gist.github.com/lirantal/832382155e00da92bfd8bb3adea474ebnvdExploitThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617nvdExploitThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-89w7-5q45-r53wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25940ghsaADVISORY
News mentions
0No linked articles in our index yet.