Описание
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.
EPSS
Процентиль: 12%
0.0004
Низкий
Дефекты
CWE-789
Связанные уязвимости
github
4 дня назад
@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)
EPSS
Процентиль: 12%
0.0004
Низкий
Дефекты
CWE-789