Количество 2
Количество 2
CVE-2025-64525
Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are: middleware-based protected route bypass (only via `x-forwarded-proto`), DoS via cache poisoning (if a CDN is present), SSRF (only via `x-forwarded-proto`), URL pollution (potential SXSS, if a CDN is present), and WAF bypass. Version 5.15.5 contains a patch.
GHSA-hr2q-hp5q-x767
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-64525 Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are: middleware-based protected route bypass (only via `x-forwarded-proto`), DoS via cache poisoning (if a CDN is present), SSRF (only via `x-forwarded-proto`), URL pollution (potential SXSS, if a CDN is present), and WAF bypass. Version 5.15.5 contains a patch. | CVSS3: 6.5 | 2% Низкий | около 1 месяца назад |
| GHSA-hr2q-hp5q-x767 Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass | CVSS3: 6.5 | 2% Низкий | около 1 месяца назад |
Уязвимостей на страницу