CNNVD-202508-2206 Information

CNNVD ID

CNNVD-202508-2206

Related CVE

CVE-2025-55303

• CNNVD Published: 2025-08-19

Description (Chinese)

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 5.13.2之前版本和4.16.18之前版本存在安全漏洞，该漏洞源于图像优化端点可能绕过第三方域名限制。

Description (English)

Astro is the web framework for a content-driven site that is open to Astro. Pre-Astro 5.13.2 and pre-4.16.18 have a security loophole, which stems from the potential for image optimization endpoints to circumvent third-party domain name limits.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Astronomer

Published

2025-08-19

Last Modified

2026-02-24

References

https://github.com/withastro/astro/commit/4d16de7f95db5d1ec1ce88610d2a95e606e83820 https://github.com/withastro/astro/security/advisories/GHSA-xf8x-j4p2-f749 https://nvd.nist.gov/vuln/detail/CVE-2025-55303 https://access.redhat.com/security/cve/cve-2025-55303

Patch

https://astro.build/