← voltar
CVE-2025-62381

sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

CVSS 8.3 HIGHEPSS 0.5%CWE-1321
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code execution in downstream applications that rely on polluted objects. This vulnerability is fixed in 2.27.4.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L
Produtos afetados
ciscoheat · sveltekit-superforms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/ciscoheat/sveltekit-superforms/commit/4a1310dd1a94176bb22036662c530dad48059ca4https://github.com/ciscoheat/sveltekit-superforms/security/advisories/GHSA-hwmc-4c8j-xxj7