Resource exhaustion in Samverschueren Decode-uri-component

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.003 (22.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References