@sveltejs/kit is vulnerable to Cross-Site Request Forgery (CSRF). Malicious requests can be submitted from third-party domains, allowing an attacker to execute operations within the victim’s session. The CSRF protection is bypassed by specifying a Content-Type header value such as text/plain, possibly leading to unauthorized access to user accounts.
CPE

Name | Operator | Version |
---|---|---|
@sveltejs/kit | le | 1.15.0 |
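The following is an added example, not SvelteKit's own code. It models the bypass in the description above, assuming the protection is an Origin check that runs only for a fixed list of form content types, and it compares a list without text/plain against one that includes it. All function names, constants and sample requests are hypothetical and constructed for illustration.

```javascript
// Added example, not SvelteKit source. Function and constant names are hypothetical.
// Media types an HTML <form> can submit cross-site without a CORS preflight.
const WEAK_FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data'];
const HARDENED_FORM_TYPES = [...WEAK_FORM_TYPES, 'text/plain'];
// Assumption of this example: these methods are treated as state-changing.
const CHECKED_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];

// "Text/Plain; charset=utf-8" -> "text/plain"; a missing header -> "".
function mediaType(contentType) {
  return (contentType ?? '').split(';', 1)[0].trim().toLowerCase();
}

// True when the request should be rejected with 403 as a cross-site form post.
// req: { method, headers } with lower-case header names; siteOrigin: the app's own origin.
function shouldReject(req, siteOrigin, formTypes) {
  if (!CHECKED_METHODS.includes(req.method.toUpperCase())) return false;
  if (!formTypes.includes(mediaType(req.headers['content-type']))) return false;
  return req.headers['origin'] !== siteOrigin;
}

// Constructed sample requests against a constructed origin.
const SITE = 'https://app.example';
const OTHER = 'https://other.example';
const samples = {
  sameSiteForm: { method: 'POST', headers: { origin: SITE, 'content-type': 'application/x-www-form-urlencoded' } },
  crossSiteUrlencoded: { method: 'POST', headers: { origin: OTHER, 'content-type': 'application/x-www-form-urlencoded' } },
  crossSiteTextPlain: { method: 'POST', headers: { origin: OTHER, 'content-type': 'text/plain; charset=UTF-8' } },
};

// Runs every sample through the check with the given content-type list.
function evaluate(formTypes) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, req]) => [name, shouldReject(req, SITE, formTypes)])
  );
}

console.log('weak    ', evaluate(WEAK_FORM_TYPES));
console.log('hardened', evaluate(HARDENED_FORM_TYPES));
```

With the weak list, the cross-site text/plain request is the only cross-site sample that is not rejected. Adding text/plain to the list closes that gap without affecting the same-site form post.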