GHSA-vrhm-gvg7-fpcf

ADVISORY - github

Summary

Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled can be vulnerable to memory exhaustion. Malformed form data can cause the server process to crash due to excessive memory allocation, resulting in denial of service.

Only applications using both experimental.remoteFunctions and form are vulnerable.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

GitHub

CREATED

17 hours ago

UPDATED

17 hours ago

ADVISORY IDGHSA-vrhm-gvg7-fpcf⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-770⁠

CVSS SCORE

4.6medium