7.5
CVE-2024-23641
- EPSS 0.76%
- Veröffentlicht 24.01.2024 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:58:04
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginSending a GET or HEAD request with a body crashes SvelteKit
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Svelte ≫ Adapter-node SwPlatformnode.js Version >= 2.0.0 < 2.1.2
Svelte ≫ Adapter-node SwPlatformnode.js Version >= 3.0.0 < 3.0.3
Svelte ≫ Adapter-node Version4.0.0 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.506 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49