GHSA-9rmh-mm8f-r9h6Medium
Svelte: ReDoS in `<svelte:element>` Tag Validation
🔗 CVE IDs covered (1)
📋 Description
An internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe.
🎯 Affected products1
- npm/svelte:>= 5.51.5, <= 5.55.6