@sveltejs/kit@2.52.0 vulnerabilities
SvelteKit is the fastest way to build Svelte apps
latest version
2.53.4
latest non vulnerable version
first published
5 years ago
latest version published
10 days ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @sveltejs/kit package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Notes: Only users with experimental.remoteFunctions: true who are using the form function and are processing the files array without validation are vulnerable. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | >=2.49.0 <2.53.3 |
@sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the remote form deserialization. An attacker can cause excessive memory allocation and crash the server process by submitting malformed form data. Note: This is only exploitable if both How to fix Allocation of Resources Without Limits or Throttling? Upgrade | >=2.49.0 <2.52.2 |
@sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the remote form deserialization. An attacker can cause the server to become unresponsive and exhaust CPU resources by submitting malformed form data. Note: This is only exploitable if both How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade | >=2.49.0 <2.52.2 |