Lucene search

Veracode Vulnerability DatabaseVERACODE:45167

HistoryJan 25, 2024 - 5:58 a.m.

Denial Of Service (DoS)

2024-01-2505:58:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sveltejs/kit

vulnerability

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

sveltejs/kit is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP GET and TRACE requests that include a empty {} body. When such requests are received, the application throws an error stating “Request with GET/HEAD method cannot have body” and subsequently crashes, which results in Denial of Service (DoS).

References

github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9

github.com/sveltejs/kit/pull/11708

github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for VERACODE:45167