CNNVD-202509-940 Information

CNNVD ID

CNNVD-202509-940

Related CVE

CVE-2025-58179

• CNNVD Published: 2025-09-05

Description (Chinese)

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 11.0.3至12.6.5版本存在代码问题漏洞，该漏洞源于Cloudflare适配器存在SSRF，可能允许绕过第三方域名限制。

Description (English)

Astro is the web framework for a content-driven site that is open to Astro. There is a code gap in Astro 11.0.3 to 12.6.5, which stems from the existence of SSRF in the Cloudflare adaptor, which may allow circumvention of third-party domain name limits.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

Astronomer

Published

2025-09-05

Last Modified

2026-02-24

References

https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252 https://github.com/withastro/astro/security/advisories/GHSA-qpr4-c339-7vq8

Patch

https://github.com/withastro/astro/releases