Lucene search
K

5 matches found

CVE
CVE
added 2024/01/24 4:56 p.m.47 views

CVE-2024-23641

CVE-2024-23641 affects SvelteKit 2 apps when handling HTTP GET/HEAD requests with a body (e.g., {})—these requests crash the preview/hosted app, including TRACE, causing DoS. The issue specifically impacts deployments using @sveltejs/adapter-node versions 2.1.2, 3.0.3, or 4.0.1 and @sveltejs/kit ...

7.5CVSS7.4AI score0.00764EPSS
CVE
CVE
added 2026/04/10 4:24 p.m.31 views

CVE-2026-40073

SvelteKit (framework for building web apps with Svelte) contains a vulnerability in adapter-node prior to version 2.57.1 where, under certain conditions, requests could bypass the BODY_SIZE_LIMIT. The issue is scoped to SvelteKit applications using adapter-node and does not affect body size limit...

8.2CVSS5.8AI score0.00543EPSS
CVE
CVE
added 2026/01/15 6:33 p.m.28 views

CVE-2025-67647

CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...

9.1CVSS6.4AI score0.00466EPSS
CVE
CVE
added 2026/04/10 4:26 p.m.26 views

CVE-2026-40074

CVE-2026-40074 affects SvelteKit. The issue is an unhandled TypeError in redirect() when called from the handle hook with a location containing characters invalid in HTTP headers, leading to potential DoS. Vulnerable in all versions before 2.57.1; fixed in 2.57.1. Remediation: upgrade to 2.57.1 o...

7.5CVSS5.8AI score0.00366EPSS
CVE
CVE
added 2026/01/15 6:37 p.m.21 views

CVE-2026-22803

CVE-2026-22803 affects SvelteKit. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary format for submitted data, and a crafted payload can trigger unbounded memory allocation, causing a DoS via memory exhaustion. This is fixed in 2.49.5. Impact is memory exhaustion of the s...

8.2CVSS6.5AI score0.00527EPSS