CNNVD-202511-2191 Information

CNNVD ID

CNNVD-202511-2191

Related CVE

CVE-2025-64765

• CNNVD Published: 2025-11-19

Description (Chinese)

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 5.15.8之前版本存在路径遍历漏洞，该漏洞源于路径规范化不一致，可能导致绕过验证检查访问受保护路由。

Description (English)

Astro is the web framework for a content-driven site that is open to Astro. Pre-Astro 5.15.8 has a loophole in the path, which stems from inconsistent routing, which may lead to bypassing the validation inspection access protected route.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Astro

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794 https://access.redhat.com/security/cve/cve-2025-64765

Patch

https://github.com/withastro/astro/releases