CVE-2022-25875

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-25875
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25875.json
Aliases
Published
2022-07-12T19:15:08Z
Modified
2024-05-14T11:43:04.013208Z
Summary
[none]
Details

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.

References

Affected packages

Git / github.com/sveltejs/svelte

Affected ranges

Type
GIT
Repo
https://github.com/sveltejs/svelte
Events
Introduced
0The exact introduced commit is unknown
Fixed
f8605d6acbf66976da9b4547f76e90e163899907

Affected versions

v0.*

v0.0.2
v0.1.0
v0.1.1
v0.2.0
v0.2.1
v0.2.2
v0.3.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.1
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.14.0
v1.14.1
v1.15.0
v1.15.1
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.20.0
v1.20.1
v1.20.2
v1.21.0
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.22.4
v1.22.5
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.23.4
v1.24.0
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.26.2
v1.27.0
v1.28.0
v1.28.1
v1.29.0
v1.29.1
v1.29.2
v1.29.3
v1.3.0
v1.3.1
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.4.0
v1.40.0
v1.40.1
v1.40.2
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.41.4
v1.42.0
v1.42.1
v1.43.0
v1.43.1
v1.44.0
v1.44.1
v1.44.2
v1.45.0
v1.46.0
v1.46.1
v1.47.0
v1.47.1
v1.47.2
v1.48.0
v1.49.0
v1.49.1
v1.49.2
v1.49.3
v1.5.0
v1.50.0
v1.50.1
v1.51.0
v1.51.1
v1.52.0
v1.53.0
v1.54.0
v1.54.1
v1.54.2
v1.55.0
v1.55.1
v1.56.0
v1.56.1
v1.56.2
v1.56.3
v1.56.4
v1.57.0
v1.57.1
v1.57.2
v1.57.3
v1.57.4
v1.58.0
v1.58.1
v1.58.2
v1.58.3
v1.58.4
v1.58.5
v1.59.0
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.60.0
v1.60.1
v1.60.2
v1.60.3
v1.61.0
v1.62.0
v1.63.0
v1.63.1
v1.64.0
v1.64.1
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.9.0
v1.9.1

v2.*

v2.0.0
v2.1.0
v2.1.1
v2.10.0
v2.10.1
v2.11.0
v2.12.0
v2.12.1
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.2.0
v2.3.0
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.9.0
v2.9.1
v2.9.10
v2.9.11
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9

v3.*

v3.0.0
v3.0.0-beta.24
v3.0.1
v3.1.0
v3.10.0
v3.10.1
v3.11.0
v3.12.0
v3.12.1
v3.13.0
v3.14.0
v3.14.1
v3.15.0
v3.16.0
v3.16.1
v3.16.2
v3.16.3
v3.16.4
v3.16.5
v3.16.6
v3.16.7
v3.17.0
v3.17.1
v3.17.2
v3.17.3
v3.18.0
v3.18.1
v3.18.2
v3.19.0
v3.19.1
v3.19.2
v3.2.0
v3.2.1
v3.2.2
v3.20.0
v3.20.1
v3.21.0
v3.22.0
v3.22.1
v3.22.2
v3.22.3
v3.23.0
v3.23.1
v3.23.2
v3.24.0
v3.24.1
v3.25.0
v3.25.1
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.29.1
v3.29.2
v3.29.3
v3.29.4
v3.29.5
v3.29.6
v3.29.7
v3.3.0
v3.30.0
v3.30.1
v3.31.0
v3.31.1
v3.31.2
v3.32.0
v3.32.1
v3.32.2
v3.32.3
v3.33.0
v3.34.0
v3.35.0
v3.36.0
v3.37.0
v3.38.0
v3.38.1
v3.38.2
v3.38.3
v3.39.0
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.40.0
v3.40.1
v3.40.2
v3.40.3
v3.41.0
v3.42.0
v3.42.1
v3.42.2
v3.42.3
v3.42.4
v3.42.5
v3.42.6
v3.43.0
v3.43.1
v3.43.2
v3.44.0
v3.44.1
v3.44.2
v3.44.3
v3.45.0
v3.46.0
v3.46.1
v3.46.2
v3.46.3
v3.46.4
v3.46.5
v3.46.6
v3.47.0
v3.48.0
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.6.0
v3.6.1
v3.6.10
v3.6.11
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.8.0
v3.8.1
v3.9.0
v3.9.1
v3.9.2