CNNVD-202511-1596 Information
CNNVD ID
CNNVD-202511-1596
Related CVE
- CNNVD Published: 2025-11-13
Description (Chinese)
Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 2.16.0版本至5.15.5之前版本存在代码问题漏洞,该漏洞源于不安全使用x-forwarded-proto和x-forwarded-port请求标头,可能导致中间件保护路由绕过和服务器端请求伪造。
Description (English)
Astro is the web framework for a content-driven site that is open to Astro. Astro 2.16.0 to 5.15.5 had a code problem loophole, which stemmed from the unsafe use of x-forwarded-proto and x-forwarded-port request headers, which could lead to the forgery of intermediate protection circuits by bypassing and server requests.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Astro
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L121 https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L97 https://github.com/withastro/astro/commit/dafbb1ba29912099c4faff1440033edc768af8b4 https://github.com/withastro/astro/security/advisories/GHSA-hr2q-hp5q-x767
Patch
https://github.com/withastro/astro/releases
Share on: