[2026-01-17T14:56:25+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T14:56:25+00:00] Found v22.21.1
[2026-01-17T14:56:26+00:00] Found 10.9.4
[2026-01-17T14:56:26+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T14:56:26+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T14:56:26+00:00] Wrote vulnerable Component.svelte
[2026-01-17T14:56:26+00:00] Created SSR renderer
[2026-01-17T14:56:26+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T14:56:29+00:00] npm install completed
[2026-01-17T14:56:29+00:00] Rendering Component via SSR
[2026-01-17T14:57:10+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T14:57:10+00:00] Found v22.21.1
[2026-01-17T14:57:11+00:00] Found 10.9.4
[2026-01-17T14:57:11+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T14:57:11+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T14:57:11+00:00] Wrote vulnerable Component.svelte
[2026-01-17T14:57:11+00:00] Created SSR renderer
[2026-01-17T14:57:11+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T14:57:13+00:00] npm install completed
[2026-01-17T14:57:13+00:00] Rendering Component via SSR
[2026-01-17T14:57:13+00:00] Captured SSR HTML to /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/ssr-output.html
[2026-01-17T14:57:14+00:00] VULNERABILITY REPRODUCED: malicious <script> tag present in SSR output
[2026-01-17T14:57:40+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T14:57:40+00:00] Found v22.21.1
[2026-01-17T14:57:41+00:00] Found 10.9.4
[2026-01-17T14:57:41+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T14:57:41+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T14:57:41+00:00] Wrote vulnerable Component.svelte
[2026-01-17T14:57:41+00:00] Created SSR renderer
[2026-01-17T14:57:41+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T14:57:43+00:00] npm install completed
[2026-01-17T14:57:43+00:00] Rendering Component via SSR
[2026-01-17T14:57:43+00:00] Captured SSR HTML to /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/ssr-output.html
[2026-01-17T14:57:43+00:00] VULNERABILITY REPRODUCED: malicious <script> tag present in SSR output
[2026-01-17T14:58:37+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T14:58:37+00:00] Found v22.21.1
[2026-01-17T14:58:37+00:00] Found 10.9.4
[2026-01-17T14:58:37+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T14:58:38+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T14:58:38+00:00] Wrote vulnerable Component.svelte
[2026-01-17T14:58:38+00:00] Created SSR renderer
[2026-01-17T14:58:38+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T14:58:40+00:00] npm install completed
[2026-01-17T14:58:40+00:00] Rendering Component via SSR
[2026-01-17T14:58:40+00:00] Captured SSR HTML to /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/ssr-output.html
[2026-01-17T14:58:40+00:00] VULNERABILITY REPRODUCED: malicious <script> tag present in SSR output
[2026-01-17T14:58:50+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T14:58:50+00:00] Found v22.21.1
[2026-01-17T14:58:50+00:00] Found 10.9.4
[2026-01-17T14:58:50+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T14:58:50+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T14:58:50+00:00] Wrote vulnerable Component.svelte
[2026-01-17T14:58:50+00:00] Created SSR renderer
[2026-01-17T14:58:50+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T14:58:52+00:00] npm install completed
[2026-01-17T14:58:53+00:00] Rendering Component via SSR
[2026-01-17T14:58:53+00:00] Captured SSR HTML to /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/ssr-output.html
[2026-01-17T14:58:53+00:00] VULNERABILITY REPRODUCED: malicious <script> tag present in SSR output
[2026-01-17T15:01:29+00:00] Starting reproduction for GHSA-gw32-9rmw-qwww
[2026-01-17T15:01:29+00:00] Found v22.21.1
[2026-01-17T15:01:30+00:00] Found 10.9.4
[2026-01-17T15:01:30+00:00] Preparing clean workspace at /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/repro/svelte-textarea-xss
[2026-01-17T15:01:30+00:00] Created package.json pinned to vulnerable svelte@3.59.1
[2026-01-17T15:01:30+00:00] Wrote vulnerable Component.svelte
[2026-01-17T15:01:30+00:00] Created SSR renderer
[2026-01-17T15:01:30+00:00] Installing npm dependencies (see /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/npm-install.log for full output)
[2026-01-17T15:01:32+00:00] npm install completed
[2026-01-17T15:01:32+00:00] Rendering Component via SSR
[2026-01-17T15:01:32+00:00] Captured SSR HTML to /root/.pruva/runs/ghsa-gw32-9rmw-qwww_20260117-145217/logs/ssr-output.html
[2026-01-17T15:01:32+00:00] VULNERABILITY REPRODUCED: malicious <script> tag present in SSR output