![[@sveltejs/kit] CPU exhaustion in SvelteKit remote form deserialization (experimental only)](/assets/images/github_com_1771583662365.png)
Security Advisories์ถ์ฒ: GitHub Security Advisories์กฐํ์ 5
[@sveltejs/kit] CPU exhaustion in SvelteKit remote form deserialization (experimental only)
By GitHub2026๋
2์ 20์ผ
**[@sveltejs/kit] CPU exhaustion in SvelteKit remote form deserialization (experimental only)**
Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled are vulnerable to CPU exhaustion. Malformed form data can cause the server to become unresponsive while processing a request, resulting in denial of service. Only applications using both experimental.remoteFunctions and form are vulnerable. References https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6 https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8 https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2 https://github.com/advisories/GHSA-88qp-p4qg-rqm6
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.
Versions of @sveltejs/kit prior to 2.52.2 with remote functions enabled are vulnerable to CPU exhaustion. Malformed form data can cause the server to become unresponsive while processing a request, resulting in denial of service. Only applications using both experimental.remoteFunctions and form are vulnerable. References https://github.com/sveltejs/kit/security/advisories/GHSA-88qp-p4qg-rqm6 https://github.com/sveltejs/kit/commit/3e607b314aec9e5f278d32847945b8b6323e1cb8 https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.52.2 https://github.com/advisories/GHSA-88qp-p4qg-rqm6
---
**[devsupporter ํด์ค]**
์ด ๊ธฐ์ฌ๋ GitHub Security Advisories์์ ์ ๊ณตํ๋ ์ต์ ๊ฐ๋ฐ ๋ํฅ์ ๋๋ค. ๊ด๋ จ ๋๊ตฌ๋ ๊ธฐ์ ์ ๋ํด ๋ ์์๋ณด์๋ ค๋ฉด ์๋ณธ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ์ธ์.