CNNVD-202601-2573 Information

CNNVD ID

CNNVD-202601-2573

Related CVE

CVE-2026-22774

• CNNVD Published: 2026-01-15

Description (Chinese)

Svelte是Svelte开源的一种构建 Web 应用程序的新方法。 Svelte 5.3.0版本至5.6.1版本存在安全漏洞，该漏洞源于类型化数组水合过程未检查输入假设，可能导致拒绝服务。

Description (English)

Svelte is a new method of building Web applications from the Svelte Open Source. There is a security gap between Svelte Versions 5.3.0 to 5.6.1, which stems from the failure to check input assumptions in the TYPE hydrate process, which may lead to the denial of services.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Svelte

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/sveltejs/devalue/commit/e46afa64dd2b25aa35fb905ba5d20cea63aabbf7 https://github.com/sveltejs/devalue/releases/tag/v5.6.2 https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv https://access.redhat.com/security/cve/cve-2026-22774

Patch

https://github.com/sveltejs/devalue/releases