Svelte devalue Prototype Pollution Vulnerability in devalue.parse and devalue.unflatten

Vulnerability

A prototype pollution vulnerability has been identified in the Svelte devalue library, affecting all versions up to and including 5.6.3. The issue lies in the devalue.parse and devalue.unflatten functions, which can be driven into prototype pollution by a maliciously crafted payload. Exploitation of this vulnerability could lead to a Denial of Service (DoS) condition or type confusion.

Impact

Exploitation of this vulnerability could cause a Denial of Service (DoS) condition or type confusion.

Remediation

Users should upgrade to devalue version 5.6.4 or later to address this vulnerability.

Added: Mar 11, 2026, 6:26 PM
Updated: Mar 11, 2026, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.4
remediation: 0.0
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.