CNNVD-202512-1079 Information

CNNVD ID

CNNVD-202512-1079

CVE-2025-66202

  • CNNVD Published: 2025-12-09

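Description (translated from Chinese)

Astro is a web framework for content-driven websites, open-sourced by Astro. Astro versions 5.15.7 and below contain a security vulnerability that stems from a double URL encoding bypass, which may allow unauthenticated attackers to access protected routes.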

Description (English)

Astro is an open-source web framework for content-driven websites. Astro 5.15.7 and earlier versions contain a security vulnerability caused by a double URL encoding bypass, which may allow unauthenticated attackers to access protected routes.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Astro

Published

2025-12-09

Last Modified

2026-02-24

References

  • https://github.com/withastro/astro/commit/6f800813516b07bbe12c666a92937525fddb58ce
  • https://github.com/withastro/astro/security/advisories/GHSA-whqg-ppgf-wp8c
  • https://github.com/withastro/astro/security/advisories/GHSA-ggxq-hp9w-j794
  • https://access.redhat.com/security/cve/cve-2025-66202

Patch

https://github.com/withastro/astro/releases
