You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The server crashes when someone tries to load a malformed URI like the following: /%c0%ae%c0%ae/etc/passwd
This issue probably only occurs for the node adapter. I tried it with a vercel project and it seems like vercel itself catches the malformed request before it reaches the SvelteKit application.
Reproduction
create a new SvelteKit project
run npm run build
run npm start
access following url in your browser: http://localhost:3000/%c0%ae%c0%ae/etc/passwd
=> the server has crashed
Logs
During local development you will get following error:
[vite] Internal server error: URI malformed
at decodeURI (<anonymous>)
Describe the bug
The server crashes when someone tries to load a malformed URI like the following:
/%c0%ae%c0%ae/etc/passwd
This issue probably only occurs for the node adapter. I tried it with a vercel project and it seems like vercel itself catches the malformed request before it reaches the SvelteKit application.
Reproduction
npm run build
npm start
http://localhost:3000/%c0%ae%c0%ae/etc/passwd
=> the server has crashed
Logs
System Info
Severity
serious, but I can work around it
Additional Information
Current workaround: fixing SvelteKit with
patch-package
The text was updated successfully, but these errors were encountered: