UBUNTU-CVE-2026-45822

Source
https://ubuntu.com/security/CVE-2026-45822
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45822.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-45822
Upstream
  • CVE-2026-45822
Published
2026-06-30T09:16:00Z
Modified
2026-07-01T21:24:53Z
Severity
  • 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:U/V:D/RE:M/U:Amber CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.

References

Affected packages

Ubuntu:22.04:LTS / node-source-map-resolve

Package

Name
node-source-map-resolve
Purl
pkg:deb/ubuntu/node-source-map-resolve?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.6.0+~cs2.7.2-2
0.6.0+~cs2.7.3-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-source-map-resolve",
            "binary_version": "0.6.0+~cs2.7.3-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45822.json"

Ubuntu:24.04:LTS / node-source-map-resolve

Package

Name
node-source-map-resolve
Purl
pkg:deb/ubuntu/node-source-map-resolve?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.6.0+~cs2.7.3-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-source-map-resolve",
            "binary_version": "0.6.0+~cs2.7.3-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45822.json"

Ubuntu:25.10 / node-source-map-resolve

Package

Name
node-source-map-resolve
Purl
pkg:deb/ubuntu/node-source-map-resolve?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.6.0+~cs2.7.3-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-source-map-resolve",
            "binary_version": "0.6.0+~cs2.7.3-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45822.json"

Ubuntu:26.04:LTS / node-source-map-resolve

Package

Name
node-source-map-resolve
Purl
pkg:deb/ubuntu/node-source-map-resolve?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.6.0+~cs2.7.3-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "node-source-map-resolve",
            "binary_version": "0.6.0+~cs2.7.3-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-45822.json"