Tag

Cve-2026-42570

1 brief RSS

Svelte devalue Denial-of-Service via Sparse Array Deserialization (CVE-2026-42570)

The `devalue` package is vulnerable to a denial-of-service (DoS) attack (CVE-2026-42570) due to excessive memory allocation during sparse array deserialization via `devalue.parse`, affecting versions 5.6.3 through 5.8.0.

devalue denial-of-service cve-2026-42570

2r 1t 52m ago