CNNVD-202511-1541 Information
CNNVD ID
CNNVD-202511-1541
Related CVE
- CNNVD Published: 2025-11-13
Description (Chinese)
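Astro is an open-source web framework from Astro for content-driven websites. Astro versions from 5.2.0 up to, but not including, 5.15.6 contain a cross-site scripting vulnerability. The vulnerability stems from a reflected cross-site scripting flaw in the development server's error page and may lead to the execution of arbitrary JavaScript code.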
Description (English)
Astro is an open-source web framework for content-driven websites, maintained by Astro. Astro versions 5.2.0 through those before 5.15.6 have a cross-site scripting vulnerability. It stems from a reflected cross-site scripting flaw in the development server's error page, which could lead to the execution of arbitrary JavaScript code.
Hazard Level
Critical
Vulnerability Type
Cross-site scripting
Affected Vendor
Astro
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/withastro/astro/pull/12994
https://github.com/withastro/astro/security/advisories/GHSA-w2vj-39qv-7vh7
https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149
https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
https://access.redhat.com/security/cve/cve-2025-64745
Patch
https://github.com/withastro/astro/releases