Description
Svelte is a performance-oriented web framework. In versions from 5.39.3 through 5.51.4, in certain circumstances, the server-side rendering (SSR) output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
References
- Vendor Advisory
Vulnerable configurations
Configuration 1
Versions from 5.39.3 (inclusive) to 5.51.5 (exclusive)
cpe:2.3:a:svelte:svelte:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 1%
0.00009
Low
5.4 Medium
CVSS3
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 5.6
redhat
about 1 month ago
Svelte is a performance-oriented web framework. In versions from 5.39.3 through 5.51.4, in certain circumstances, the server-side rendering (SSR) output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.