All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
decodeURI()
lite-server
{ "last_known_affected_version_range": "<= 2.6.1" }
org.webjars.npm:lite-server
{ "last_known_affected_version_range": "<= 2.2.0" }