PT-2022-17612 · Unknown · V-Server Lite

Liran Tal +1 · Published 2022-12-20 · Updated 2022-12-29 · CVE-2022-25940

CVSS v3.1: 7.5 High · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: lite-server, all versions
Description: A Denial of Service (DoS) is triggered when an attacker sends an HTTP request whose target contains input that decodeURI() cannot decode (the advisory describes this as control characters in the request). decodeURI() throws a URIError on an escape sequence it cannot parse; because the server does not catch the exception, it escapes the request handler and terminates the Node.js process, so the service becomes unavailable to every client. No authentication or user interaction is required, which matches the CVSS vector (C:N/I:N/A:H).
Recommendations: At the moment there is no information about a release that contains a fix, so mitigate in deployment. Wrap the decodeURI() call (or the request handling around it) in a try/catch that answers a malformed URL with HTTP 400 instead of letting the URIError escape, and reject requests whose target contains control characters before they reach the decoder. Run the server under a process supervisor so a single crash does not leave the service down, and, as a temporary workaround, restrict network access to the HTTP endpoint to trusted clients (lite-server is intended as a development-time server and should not be exposed to untrusted networks) until a patched version appears.

Exploit

Resource Exhaustion

RCE


Related Identifiers

CVE-2022-25940
GHSA-89W7-5Q45-R53W

Affected Products

V-Server Lite