CNNVD-202510-3812 Information
CNNVD ID
CNNVD-202510-3812
Related CVE
- CNNVD Published: 2025-10-28
Description
Astro is an open-source web framework for content-driven websites. Astro versions from 5.13.4 up to, but not including, 5.13.10 contain a code issue vulnerability: a backslash in the href parameter can bypass the image proxy's domain validation, which may lead to server-side request forgery (SSRF) and cross-site scripting (XSS).
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
Astro
Published
2025-10-28
Last Modified
2026-02-24
References
https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252
https://github.com/withastro/astro/commit/1e2499e8ea83ebfa233a18a7499e1ccf169e56f4
https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2
https://access.redhat.com/security/cve/cve-2025-59837
Patch
https://github.com/withastro/astro/releases