SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9 | Patch |
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49 | Exploit Vendor Advisory |
https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9 | Patch |
https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9 - Patch | |
References | () https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49 - Exploit, Vendor Advisory |
05 Feb 2024, 16:50
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:svelte:adapter-node:4.0.0:*:*:*:*:node.js:*:* cpe:2.3:a:svelte:kit:*:*:*:*:*:node.js:*:* cpe:2.3:a:svelte:adapter-node:*:*:*:*:*:node.js:*:* |
|
References | () https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49 - Exploit, Vendor Advisory | |
References | () https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9 - Patch | |
First Time |
Svelte
Svelte kit Svelte adapter-node |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
24 Jan 2024, 18:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-24 17:15
Updated : 2024-11-21 08:58
NVD link : CVE-2024-23641
Mitre link : CVE-2024-23641
CVE.ORG link : CVE-2024-23641
JSON object : View
Products Affected
svelte
- adapter-node
- kit
CWE