PT-2022-17581 · Svelte · Svelte

Maurício Kishi · Published 2022-07-12 · Updated 2022-07-19 · CVE-2022-25875

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: svelte versions prior to 3.49.0
Description: The issue arises from improper input sanitization and improper escaping of attribute values when objects are rendered during Server-Side Rendering (SSR), leading to Cross-site Scripting (XSS). It can be exploited via objects with a custom toString() function, because a non-string value that bypasses the escaping step is still coerced to a string when the markup is assembled.
Recommendations: For versions prior to 3.49.0, update to version 3.49.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of objects with custom toString() functions in SSR until the patch is applied.
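As an added illustration (not Svelte's own code, but a hypothetical reconstruction of the escaping pattern the description refers to), the following shows an attribute escaper that only handles string values beside a hardened version that coerces objects to strings before escaping; `escapeAttr`, `renderAttrVulnerable`, `renderAttrFixed` and `isEscaped` are assumed names, and the sample object is constructed for the example.

```javascript
// Minimal HTML attribute escaper: coerce to string first, then escape the
// characters that can terminate a double-quoted attribute value.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Vulnerable pattern (hypothetical reconstruction): only strings are escaped.
// A non-string value is passed through untouched, and the template literal
// below coerces it via its toString(), after the escaping step has run.
function renderAttrVulnerable(value) {
  const escaped = typeof value === 'string' ? escapeAttr(value) : value;
  return `<a href="${escaped}">link</a>`;
}

// Hardened pattern: strings and objects are coerced and escaped before they
// reach the markup; booleans, null and undefined are left as-is so that
// attribute spreading keeps working.
function renderAttrFixed(value) {
  const isObject = value !== null && typeof value === 'object';
  const shouldEscape = typeof value === 'string' || isObject;
  const escaped = shouldEscape ? escapeAttr(value) : value;
  return `<a href="${escaped}">link</a>`;
}

// Constructed sample: an object whose toString() closes the attribute early
// and smuggles in a harmless extra attribute.
const untrustedObject = { toString: () => '" data-injected="<x>' };

// Regression check for a test suite: rendered markup must never contain the
// raw quote and angle brackets that came out of toString().
function isEscaped(html) {
  return !html.includes('" data-injected="<x>');
}
```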


Weakness Enumeration

Related Identifiers

CVE-2022-25875
GHSA-WV8Q-R932-8HC7
SNYK-JS-SVELTE-2931080

Affected Products

Svelte