Security Advisories | Source: GitHub Security Advisories

[devalue] devalue affected by CPU and memory amplification from sparse arrays

By GitHub
February 20, 2026

Under certain circumstances, serializing sparse arrays using `uneval` or `stringify` could cause CPU and/or memory exhaustion. When this occurs on the server, it results in a DoS. This is extremely difficult to take advantage of in practice, as an attacker would have to manage to create a sparse array on the server — which is impossible in every mainstream wire format — and then that sparse array would have to be run through `uneval` or `stringify`.

References

- https://github.com/sveltejs/devalue/security/advisories/GHSA-33hq-fvwr-56pm
- https://github.com/sveltejs/devalue/commit/819f1ac7475ab37547645cfb09bf2f678a799cf0
- https://github.com/sveltejs/devalue/releases/tag/v5.6.3
- https://github.com/advisories/GHSA-33hq-fvwr-56pm
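The amplification described in this advisory, as an added JavaScript example that is not taken from the advisory or from devalue's source: it shows why an encoder that walks every index does work proportional to `.length` rather than to the stored elements, and how to flag such arrays in a value graph before it reaches a serializer. `naiveDenseEncode`, `findSparseArrays` and the `maxHoles` threshold are hypothetical names and policy chosen for illustration.

```javascript
// Added example, not devalue's code: measure how sparse an array is and walk a
// value graph for amplifying arrays before it reaches a serializer.

// Count populated index slots; Object.keys skips holes, so the cost tracks
// the stored elements rather than .length.
function populatedSlots(arr) {
  let n = 0;
  for (const key of Object.keys(arr)) {
    const i = Number(key);
    if (Number.isInteger(i) && i >= 0 && i < arr.length && String(i) === key) n++;
  }
  return n;
}

// Hypothetical naive encoder: one entry per index, holes included, so both
// loop count and output size scale with .length.
function naiveDenseEncode(arr) {
  const parts = [];
  for (let i = 0; i < arr.length; i++) {
    parts.push(i in arr ? JSON.stringify(arr[i]) : '');
  }
  return '[' + parts.join(',') + ']';
}

// Hypothetical guard: return the paths of arrays with more than maxHoles holes.
// maxHoles is an assumed policy threshold, not a devalue option.
function findSparseArrays(value, maxHoles = 1000, path = '$', seen = new Set(), out = []) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return out;
  seen.add(value); // cycle protection
  if (Array.isArray(value) && value.length - populatedSlots(value) > maxHoles) {
    out.push(path);
  }
  for (const key of Object.keys(value)) {
    findSparseArrays(value[key], maxHoles, `${path}.${key}`, seen, out);
  }
  return out;
}

// Constructed sample: a single assignment yields a 200,000-slot array.
function demo() {
  const sparse = [];
  sparse[199999] = 'x';
  const payload = { user: 'a', tags: ['ok'], nested: { list: sparse } };
  return {
    populated: populatedSlots(sparse),
    encodedLength: naiveDenseEncode(sparse).length,
    flagged: findSparseArrays(payload),
  };
}
```

One stored element produces roughly 200,000 characters of output in the naive encoder, while the guard only touches populated keys and reports the offending path.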
