High severityNVD Advisory· Published Dec 21, 2022· Updated Apr 16, 2025

Denial of Service (DoS)

CVE-2022-25940

Description

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
lite-servernpm	<= 2.6.1	—
org.webjars.npm:lite-serverMaven	<= 2.2.0	—

Affected products

Npm/Lite Serverinferred
Package: https://npmjs.com/package/lite-server

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-89w7-5q45-r53wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-25940ghsaADVISORY
gist.github.com/lirantal/832382155e00da92bfd8bb3adea474ebghsaWEB
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3175617ghsaWEB
security.snyk.io/vuln/SNYK-JS-LITESERVER-3153540ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000