Описание
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate a large amount of memory, causing DoS via memory exhaustion. This vulnerability is fixed in 2.49.5.
Уязвимые конфигурации
Конфигурация 1Версия от 2.49.0 (включая) до 2.49.5 (исключая)
cpe:2.3:a:svelte:kit:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
7.5 High
CVSS3
Дефекты
CWE-789
CWE-770
Связанные уязвимости
github
24 дня назад
@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)
EPSS
Процентиль: 16%
0.00052
Низкий
7.5 High
CVSS3
Дефекты
CWE-789
CWE-770