CNNVD-202510-2095 Information
CNNVD ID
CNNVD-202510-2095
Related CVE
- CNNVD Published: 2025-10-15
Description (Chinese)
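SvelteKit is an open-source web development framework from Svelte. SvelteKit 2.27.3 and earlier versions contain a security vulnerability caused by prototype pollution in the parseFormData function in formData.js, which may lead to denial of service, type confusion, and potential remote code execution.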
Description (English)
SvelteKit is an open-source web development framework from Svelte. SvelteKit 2.27.3 and earlier versions contain a security vulnerability that stems from prototype pollution in the parseFormData function in formData.js, which may lead to denial of service, type confusion, and potential remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Svelte
Published
2025-10-15
Last Modified
2026-02-24
References
https://github.com/ciscoheat/sveltekit-superforms/commit/4a1310dd1a94176bb22036662c530dad48059ca4
https://github.com/ciscoheat/sveltekit-superforms/security/advisories/GHSA-hwmc-4c8j-xxj7
https://access.redhat.com/security/cve/cve-2025-62381
Patch
https://github.com/ciscoheat/sveltekit-superforms/releases