CVE-2025-67647: SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
Versions of SvelteKit are vulnerable to server-side request forgery (SSRF) and denial of service (DoS) under certain conditions.
References
- github.com/advisories/GHSA-j62c-4x62-9r35
- github.com/sveltejs/kit
- github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226
- github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fadapter-node%405.5.1
- github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.49.5
- github.com/sveltejs/kit/security/advisories/GHSA-j62c-4x62-9r35
- nvd.nist.gov/vuln/detail/CVE-2025-67647