GHSA-88qp-p4qg-rqm6

ADVISORY - github

Summary

Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled are vulnerable to CPU exhaustion. Malformed form data can cause the server to become unresponsive while processing a request, resulting in denial of service.

Only applications using both experimental.remoteFunctions and form are vulnerable.
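The three conditions above can be checked mechanically. The following triage helper is an added example, not code from the advisory or from SvelteKit; it assumes the advisory's form is the `form` export of `$app/server`, that the config is a plain-text svelte.config.js, and it uses a constructed sample project with hypothetical file names.

```javascript
// Triage helper for GHSA-88qp-p4qg-rqm6 (added example, not SvelteKit code).
const FIXED = [2, 52, 2]; // first patched @sveltejs/kit release, per the advisory
// True when a resolved version (from the lockfile, not a range like "^2.50.0")
// sorts before 2.52.2. Throws on anything it cannot parse.
function isBeforeFix(installed) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(String(installed).trim());
  if (!m) throw new Error(`unparseable version: ${installed}`);
  for (let i = 0; i < 3; i++) {
    const part = Number(m[i + 1]);
    if (part !== FIXED[i]) return part < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease of 2.52.2 still sorts before the release
}

// Drop comments so a commented-out setting or import does not count.
const stripComments = (src) =>
  src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/.*$/gm, '');
// Heuristic text match on svelte.config.js: kit.experimental.remoteFunctions: true.
function remoteFunctionsEnabled(configSrc) {
  return /\bremoteFunctions\s*:\s*true\b/.test(stripComments(configSrc));
}

// True when a module imports `form` (optionally aliased) from '$app/server'.
function importsForm(src) {
  const re = /import\s*\{([^}]*)\}\s*from\s*['"]\$app\/server['"]/g;
  for (const m of stripComments(src).matchAll(re)) {
    if (m[1].split(',').some((s) => s.trim().split(/\s+/)[0] === 'form')) return true;
  }
  return false;
}

// All three conditions from the advisory must hold for the app to be affected.
function assess({ kitVersion, configSrc, sources }) {
  const outdated = isBeforeFix(kitVersion);
  const enabled = remoteFunctionsEnabled(configSrc);
  const formFiles = Object.keys(sources).filter((f) => importsForm(sources[f]));
  return { outdated, enabled, formFiles, affected: outdated && enabled && formFiles.length > 0 };
}

// Constructed sample project, not taken from the advisory.
const sample = {
  kitVersion: '2.52.1',
  configSrc: 'export default { kit: { experimental: { remoteFunctions: true } } };',
  sources: {
    'src/routes/contact.remote.js': "import { form, query } from '$app/server';",
    'src/routes/posts.remote.js': "import { query } from '$app/server';",
  },
};
console.log(assess(sample));
```

The config and import checks are text heuristics, so a negative result on a project that builds its config dynamically or re-exports `form` should be confirmed by hand.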

Common Weakness Enumeration (CWE)

Access of Resource Using Incompatible Type ('Type Confusion')

CVSS SCORE

6.9 (medium)