Dismissed by @pyrox0
Activity log
- Created automatic suggestion
- @pyrox0 removed 10 packages
  - svelte-check
  - svelte-language-server
  - nodePackages.svelte-check
  - nodePackages_latest.svelte-check
  - vscode-extensions.svelte.svelte-vscode
  - tree-sitter-grammars.tree-sitter-svelte
  - vimPlugins.nvim-treesitter-parsers.svelte
  - python312Packages.tree-sitter-grammars.tree-sitter-svelte
  - python313Packages.tree-sitter-grammars.tree-sitter-svelte
  - python314Packages.tree-sitter-grammars.tree-sitter-svelte
- @pyrox0 dismissed
Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
Svelte is a performance-oriented web framework. Prior to 5.51.5, when using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, the result is HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
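The following is an added illustration, not code from Svelte or from this tracker entry: a minimal SSR-style renderer showing why a dynamic tag name that reaches the output unchecked is an HTML injection sink, next to the allow-list check a hardened renderer applies before emitting the tag. The regex used as the allow-list, the function names, and the sample inputs are this example's own assumptions, not the rule Svelte 5.51.5 actually applies.

```javascript
// Added example (assumed design, not Svelte's own code): a toy SSR renderer
// contrasting an unchecked dynamic tag name with an allow-listed one.

// Escapes text content the way an SSR renderer escapes children.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Vulnerable pattern: only the children are escaped, while the tag name is
// interpolated straight into the markup. Any markup characters carried in
// `tag` therefore land unescaped in the HTML output.
function renderElementUnchecked(tag, children) {
  return `<${tag}>${escapeHtml(children)}</${tag}>`;
}

// Assumed allow-list: a tag name must look like an HTML or custom element
// name (a letter, then letters, digits or hyphens). Anything else, including
// the empty string, whitespace, '<' or '>', is rejected before rendering.
const VALID_TAG_NAME = /^[A-Za-z][A-Za-z0-9-]*$/;

function isValidTagName(tag) {
  return typeof tag === "string" && VALID_TAG_NAME.test(tag);
}

// Hardened pattern: validate the tag name first and refuse to render on
// failure, so the output can never contain an element the template did not
// declare.
function renderElementChecked(tag, children) {
  if (!isValidTagName(tag)) {
    throw new Error(`Invalid dynamic element tag name: ${JSON.stringify(tag)}`);
  }
  return `<${tag}>${escapeHtml(children)}</${tag}>`;
}

// Constructed sample inputs: a normal tag name and one that smuggles in
// a second, undeclared element.
const SAMPLE_TAG = "span";
const SMUGGLED_TAG = "div><i";

function demo() {
  const safe = renderElementChecked(SAMPLE_TAG, "a<b");
  const injected = renderElementUnchecked(SMUGGLED_TAG, "x");
  let rejected = false;
  try {
    renderElementChecked(SMUGGLED_TAG, "x");
  } catch (e) {
    rejected = true;
  }
  return { safe, injected, rejected };
}
```

Running `demo()` shows the unchecked renderer emitting an extra `<i>` element that the template never declared, while the checked renderer rejects the same tag name. Checking the tag name against an allow-list is the right shape of fix because escaping cannot apply here: the tag name is supposed to become markup, so the only safe option is to constrain what it may be.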
References
- https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
Affected products
svelte
- < 5.51.5
Ignored packages (10)
pkgs.svelte-check
Svelte code checker
pkgs.svelte-language-server
Language server (implementing the language server protocol) for Svelte
pkgs.nodePackages.svelte-check
Svelte Code Checker Terminal Interface
pkgs.nodePackages_latest.svelte-check
Svelte Code Checker Terminal Interface
pkgs.vscode-extensions.svelte.svelte-vscode
Svelte language support for VS Code
pkgs.tree-sitter-grammars.tree-sitter-svelte
None
- nixos-unstable 0.0.0+rev=ae5199d
- nixpkgs-unstable 0.0.0+rev=ae5199d
- nixos-unstable-small 0.0.0+rev=ae5199d
pkgs.python312Packages.tree-sitter-grammars.tree-sitter-svelte
Python bindings for tree-sitter-svelte
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-svelte
Python bindings for tree-sitter-svelte
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-svelte
Python bindings for tree-sitter-svelte