12 matches found
Prototype Pollution
sveltekit-superforms is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-supplied data in the parseFormData function of formData.js, which allows an attacker to inject properties into Object.prototype, enabling denial of service, type confusion, and potenti...
CVE-2025-62381
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...
GHSA-HWMC-4C8J-XXJ7 `sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js`
Summary sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code...
`sveltekit-superforms` has Prototype Pollution in `parseFormData` function of `formData.js`
Summary sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code...
Prototype Pollution
Overview sveltekit-superforms is a Making SvelteKit forms a pleasure to use! Affected versions of this package are vulnerable to Prototype Pollution via the parseFormData function. An attacker can inject properties into Object.prototype by submitting specially crafted form parameters, which can...
@nasa-jpl/stellar-svelte (>=2.1.9 <=2.1.10), @scouterdev/ui (=0.0.1) +2 more potentially affected by CVE-2025-62381 via sveltekit-superforms (>=2.16.1 <=2.27.1)
sveltekit-superforms NPM version =2.16.1, =2.1.9, =1.3.0, =0.0.2-dev.80, =1.0.9 Source cves: CVE-2025-62381 Source advisory: SNYK:JS-SVELTEKITSUPERFORMS-13559331...
CVE-2025-62381
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...
EUVD-2025-34681
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...
CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...
CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...
CVE-2025-62381
CVE-2025-62381 affects the package sveltekit-superforms (versions up to 2.27.3). The vulnerability is in the parseFormData function of formData.js, where user-controlled values can pollute Object.prototype, enabling DoS, type confusion, and potentially remote code execution in downstream apps. Se...
CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...