Resource exhaustion in Samverschueren Decode-uri-component
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.003 (22.1th percentile) — read the EPSS interpretation.
Affected products
- Samverschueren Decode-uri-component — versions 0.1.0