{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T05:56:30.089","vulnerabilities":[{"cve":{"id":"CVE-2024-53262","sourceIdentifier":"security-advisories@github.com","published":"2024-11-25T20:15:10.423","lastModified":"2025-08-28T14:39:17.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% — the HTTP status, and %sveltekit.error.message% — the error message.  This leads to possible injection if an app explicitly creates an error with a message that contains user controlled content. Only applications where user provided input is used in the `Error` message will be vulnerable, so the vast majority of applications will not be vulnerable This issue has been addressed in version 2.8.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"SvelteKit es un framework para desarrollar rápidamente aplicaciones web robustas y de alto rendimiento utilizando Svelte. La plantilla estática error.html para errores contiene marcadores de posición que se reemplazan sin escapar el contenido primero. error.html es la página que se representa cuando todo lo demás falla. Puede contener los siguientes marcadores de posición: %sveltekit.status%: el estado HTTP y %sveltekit.error.message%: el mensaje de error. Esto conduce a una posible inyección si una aplicación crea explícitamente un error con un mensaje que contiene contenido controlado por el usuario. Solo las aplicaciones en las que se utiliza la entrada proporcionada por el usuario en el mensaje `Error` serán vulnerables, por lo que la gran mayoría de las aplicaciones no serán vulnerables. Este problema se ha solucionado en la versión 2.8.3 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.0,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:svelte:sveltekit:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.8.3","matchCriteriaId":"2588130D-C9C2-47BC-B565-571E28BA17A8"}]}]}],"references":[{"url":"https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://kit.svelte.dev/docs/errors","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}}]}