XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass · Advisory · withastro/astro · GitHub
Security AdvisoryHighAstro
Affected:
- Astro <= 6.1.1
Fixed in:
- Astro 6.1.6
Referenced CVEs: CVE-2026-41067 · 6.1
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.