CVE-2022-25940 (High) detected in lite-server-2.4.0.tgz #88
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2022-25940 - High Severity Vulnerability
Lightweight development node server for serving a web app, providing a fallback for browser history API, loading in the browser, and injecting scripts on the fly.
Library home page: https://registry.npmjs.org/lite-server/-/lite-server-2.4.0.tgz
Path to dependency file: /ConFusionBootStrap/conFusion/package.json
Path to vulnerable library: /conFusion/node_modules/lite-server/package.json
Dependency Hierarchy:
Found in base branch: master
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
Publish Date: 2022-12-20
URL: CVE-2022-25940
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: