Vulnerabilities > CVE-2024-23641 - Unspecified vulnerability in Svelte Adapter-Node and KIT

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

svelte

NVD

Published: 2024-01-24

Updated: 2024-02-05

Summary

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Svelte Svelte Adapter Node 3.0.0 Svelte Adapter Node 3.0.1 Svelte Adapter Node 2.0.0 Svelte Adapter Node 2.0.1 Svelte Adapter Node 2.0.2 Svelte Adapter Node 2.1.0 Svelte Adapter Node 2.1.1 Svelte Adapter Node 4.0.0 Svelte KIT 2.0.0 Svelte KIT 2.0.1 Svelte KIT 2.0.2 Svelte KIT 2.0.3 Svelte KIT 2.0.4 Svelte KIT 2.0.5 Svelte KIT 2.0.6 Svelte KIT 2.0.7 Svelte KIT 2.0.8 Svelte KIT 2.1.0 Svelte KIT 2.1.1 Svelte KIT 2.1.2 Svelte KIT 2.2.0 Svelte KIT 2.2.1 Svelte KIT 2.2.2 Svelte KIT 2.3.0 Svelte KIT 2.3.1 Svelte KIT 2.3.2 Svelte KIT 2.3.3 Svelte KIT 2.3.4 Svelte KIT 2.3.5 Svelte KIT 2.4.0 Svelte KIT 2.4.1 Svelte KIT 2.4.2	32

Summary

Vulnerable Configurations

References