CVE-2024-45047

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45047

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45047.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45047

Aliases

GHSA-8266-84wp-wv5c

Published

2024-08-30T17:15:15Z

Modified

2024-10-12T11:29:52.128156Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). More specifically, this can occur when injecting malicious content into an attribute within a noscript tag. This issue has been addressed in release version 4.2.19. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c

Affected packages

Git / github.com/sveltejs/svelte

Affected ranges

Type: GIT
Repo: https://github.com/sveltejs/svelte
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d8b31333ec4afeab7dd178aedc7c187bfb971531

Affected versions

svelte@4.*

svelte@4.0.0

svelte@4.0.0-next.0

svelte@4.0.0-next.1

svelte@4.0.0-next.3

svelte@4.0.1

svelte@4.0.2

svelte@4.0.3

svelte@4.0.4

svelte@4.0.5

svelte@4.1.0

svelte@4.1.1

svelte@4.1.2

svelte@4.2.0

svelte@4.2.1

svelte@4.2.10

svelte@4.2.11

svelte@4.2.12

svelte@4.2.13

svelte@4.2.14

svelte@4.2.15

svelte@4.2.16

svelte@4.2.17

svelte@4.2.18

svelte@4.2.2

svelte@4.2.3

svelte@4.2.4

svelte@4.2.5

svelte@4.2.6

svelte@4.2.7

svelte@4.2.8

svelte@4.2.9

v0.*

v0.0.2

v0.1.0

v0.1.1

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.10.0

v1.10.1

v1.10.2

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.12.0

v1.12.1

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.13.4

v1.13.5

v1.13.6

v1.13.7

v1.14.0

v1.14.1

v1.15.0

v1.15.1

v1.16.0

v1.17.0

v1.17.1

v1.17.2

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.19.1

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.20.0

v1.20.1

v1.20.2

v1.21.0

v1.22.0

v1.22.1

v1.22.2

v1.22.3

v1.22.4

v1.22.5

v1.23.0

v1.23.1

v1.23.2

v1.23.3

v1.23.4

v1.24.0

v1.25.0

v1.25.1

v1.26.0

v1.26.1

v1.26.2

v1.27.0

v1.28.0

v1.28.1

v1.29.0

v1.29.1

v1.29.2

v1.29.3

v1.3.0

v1.3.1

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.39.0

v1.39.1

v1.39.2

v1.39.3

v1.39.4

v1.4.0

v1.40.0

v1.40.1

v1.40.2

v1.41.0

v1.41.1

v1.41.2

v1.41.3

v1.41.4

v1.42.0

v1.42.1

v1.43.0

v1.43.1

v1.44.0

v1.44.1

v1.44.2

v1.45.0

v1.46.0

v1.46.1

v1.47.0

v1.47.1

v1.47.2

v1.48.0

v1.49.0

v1.49.1

v1.49.2

v1.49.3

v1.5.0

v1.50.0

v1.50.1

v1.51.0

v1.51.1

v1.52.0

v1.53.0

v1.54.0

v1.54.1

v1.54.2

v1.55.0

v1.55.1

v1.56.0

v1.56.1

v1.56.2

v1.56.3

v1.56.4

v1.57.0

v1.57.1

v1.57.2

v1.57.3

v1.57.4

v1.58.0

v1.58.1

v1.58.2

v1.58.3

v1.58.4

v1.58.5

v1.59.0

v1.6.0

v1.6.1

v1.6.10

v1.6.11

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.60.0

v1.60.1

v1.60.2

v1.60.3

v1.61.0

v1.62.0

v1.63.0

v1.63.1

v1.64.0

v1.64.1

v1.7.0

v1.7.1

v1.8.0

v1.8.1

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.10.0

v2.10.1

v2.11.0

v2.12.0

v2.12.1

v2.13.0

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.14.0

v2.14.1

v2.14.2

v2.14.3

v2.15.0

v2.15.1

v2.15.2

v2.15.3

v2.15.4

v2.2.0

v2.3.0

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.1

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.7.0

v2.7.1

v2.7.2

v2.8.0

v2.8.1

v2.9.0

v2.9.1

v2.9.10

v2.9.11

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0.0

v3.0.0-beta.24

v3.0.1

v3.1.0

v3.10.0

v3.10.1

v3.11.0

v3.12.0

v3.12.1

v3.13.0

v3.14.0

v3.14.1

v3.15.0

v3.16.0

v3.16.1

v3.16.2

v3.16.3

v3.16.4

v3.16.5

v3.16.6

v3.16.7

v3.17.0

v3.17.1

v3.17.2

v3.17.3

v3.18.0

v3.18.1

v3.18.2

v3.19.0

v3.19.1

v3.19.2

v3.2.0

v3.2.1

v3.2.2

v3.20.0

v3.20.1

v3.21.0

v3.22.0

v3.22.1

v3.22.2

v3.22.3

v3.23.0

v3.23.1

v3.23.2

v3.24.0

v3.24.1

v3.25.0

v3.25.1

v3.26.0

v3.27.0

v3.28.0

v3.29.0

v3.29.1

v3.29.2

v3.29.3

v3.29.4

v3.29.5

v3.29.6

v3.29.7

v3.3.0

v3.30.0

v3.30.1

v3.31.0

v3.31.1

v3.31.2

v3.32.0

v3.32.1

v3.32.2

v3.32.3

v3.33.0

v3.34.0

v3.35.0

v3.36.0

v3.37.0

v3.38.0

v3.38.1

v3.38.2

v3.38.3

v3.39.0

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.40.0

v3.40.1

v3.40.2

v3.40.3

v3.41.0

v3.42.0

v3.42.1

v3.42.2

v3.42.3

v3.42.4

v3.42.5

v3.42.6

v3.43.0

v3.43.1

v3.43.2

v3.44.0

v3.44.1

v3.44.2

v3.44.3

v3.45.0

v3.46.0

v3.46.1

v3.46.2

v3.46.3

v3.46.4

v3.46.5

v3.46.6

v3.47.0

v3.48.0

v3.49.0

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.50.0

v3.50.1

v3.51.0

v3.52.0

v3.53.0

v3.53.1

v3.54.0

v3.55.0

v3.55.1

v3.56.0

v3.57.0

v3.58.0

v3.59.0

v3.59.1

v3.59.2

v3.6.0

v3.6.1

v3.6.10

v3.6.11

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

v3.6.8

v3.6.9

v3.7.0

v3.7.1

v3.8.0

v3.8.1

v3.9.0

v3.9.1

v3.9.2