GHSA-rjjv-87mx-6x3h: @sveltejs/kit vulnerable to XSS on dev mode 404 page
“Unsanitized input from the request URL flows into end, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).”
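The pattern the description refers to, as an added example that is not SvelteKit's code: two hypothetical handlers build a 404 page from `req.url` and pass it to `res.end()`, one without escaping and one with. The handler names, the `fakeResponse` stub and the sample path are assumptions constructed for illustration.

```javascript
// Added example: hypothetical dev-server 404 handlers, not SvelteKit's code.

// Escape the characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: req.url is concatenated into HTML and handed to res.end().
function notFoundUnsafe(req, res) {
  res.statusCode = 404;
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end(`<h1>404</h1><p>Not found: ${req.url}</p>`);
}

// Hardened: escape at the output sink and add restrictive headers as defence in depth.
function notFoundSafe(req, res) {
  res.statusCode = 404;
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.setHeader('X-Content-Type-Options', 'nosniff');
  res.setHeader('Content-Security-Policy', "default-src 'none'");
  res.end(`<h1>404</h1><p>Not found: ${escapeHtml(req.url)}</p>`);
}

// Minimal stand-in for http.ServerResponse so the handlers run offline.
function fakeResponse() {
  return {
    statusCode: 200, headers: {}, body: '',
    setHeader(name, value) { this.headers[name.toLowerCase()] = value; },
    end(chunk) { this.body += chunk; },
  };
}

// Run a handler against a request path and return the captured response.
function render(handler, url) {
  const res = fakeResponse();
  handler({ url }, res);
  return res;
}

// Constructed sample request path carrying markup.
const SAMPLE_URL = '/missing<script>alert(1)</script>';
```

Comparing `render(notFoundUnsafe, SAMPLE_URL).body` with `render(notFoundSafe, SAMPLE_URL).body` shows the markup reflected verbatim in the first and rendered as inert text in the second.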
Detect and mitigate GHSA-rjjv-87mx-6x3h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.