CVE-2026-30226

Medium CVSS: 6.3

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion. This vulnerability is fixed in 5.6.4.

Vendor

Svelte

Product

Devalue

CWE

CWE-1321

Yayın Tarihi

2026-03-11 18:16:22

Güncelleme

2026-03-17 19:07:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-1321 Devalue MEDIUM Svelte 2026

Referanslar

https://github.com/sveltejs/devalue/security/advisories/GHSA-cfw5-2vxh-hr84

Benzer Kayıtlar

Medium

CVE-2026-27902

Svelte performance oriented web framework. Prior to version 5.53.5, errors from `transformError` were not correctly esca…

Medium

CVE-2026-27901

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textConte…

Medium

CVE-2026-27119

svelte performance oriented web framework. From 5.39.3,

Medium

CVE-2026-27121

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XS…

Medium

CVE-2026-27122

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name…

Medium

CVE-2026-27125

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e…