Kamerat

**Name of the Vulnerable Software and Affected Versions** @Sveltejs/adapter-node versions prior to 2.1.2, 3.0.3, and 4.0.1 @Sveltejs/kit versions prior to 2.4.3 **Description** The issue occurs when sending a GET request with a body, for example `{}`, to a built and previewed/hosted SvelteKit app, which throws a `Request with GET/HEAD method cannot have body.` error and crashes the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. **Recommendations** For @Sveltejs/adapter-node versions prior to 2.1.2, 3.0.3, and 4.0.1, update to version 2.1.2, 3.0.3, or 4.0.1 to resolve the issue. For @Sveltejs/kit versions prior to 2.4.3, update to version 2.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoint until a patch is available. Avoid using the `GET` method with a body in the affected API endpoint until the issue is resolved.