Количество 2
Количество 2
CVE-2025-59837
Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10.
GHSA-qcpr-679q-rhm2
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-59837 Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10. | CVSS3: 7.2 | 0% Низкий | 3 месяца назад |
| GHSA-qcpr-679q-rhm2 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS | CVSS3: 7.2 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу