
astro product vulnerability list / CVE Chinese-language analysis (30)

30 vulnerabilities related to the astro product, with AI-generated Chinese titles and summaries, CVSS scores and POCs collected in one place.

This page aggregates security vulnerability information for the Astro product. It collects the security defects affecting the framework and its related ecosystem, covering the full history from early releases to the present, so that the evolution of its security posture can be seen as a whole. From here you can quickly track security advisories published by the Astro project and its community, understand the technical details and impact scope of specific vulnerability classes, and search the product's historical vulnerability records, giving you an accurate technical reference for system upgrades and risk mitigation.

Vendor: withastro

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-54299 | Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL) | CWE-20 | 7.5 | High | 2026-06-22 |
| CVE-2026-54298 | Astro: XSS via Unescaped Attribute Names in Spread Props | CWE-79 | 4.2 | Medium | 2026-06-22 |
| CVE-2026-50146 | Astro: Reflected XSS via unescaped slot name | CWE-80 | 7.1 | High | 2026-06-22 |
| CVE-2026-54300 | @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config | CWE-918 | 5.3 | Medium | 2026-06-22 |
| CVE-2026-45028 | Astro: Server island encrypted parameters vulnerable to cross-component replay | CWE-323 | - | - | 2026-05-13 |
| CVE-2026-41248 | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | CWE-436 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-41322 | @astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed | CWE-525 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-41067 | Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass | CWE-79 | 6.1 | Medium | 2026-04-24 |
| CVE-2026-33769 | Astro: Remote allowlist bypass via unanchored matchPathname wildcard | CWE-20 | 9.1 | - | 2026-03-24 |
| CVE-2026-33768 | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path` | CWE-441 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-29772 | Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands | CWE-770 | 5.9 | Medium | 2026-03-24 |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | CWE-918 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27729 | Astro has memory exhaustion DoS due to missing request body size limit in Server Actions | CWE-770 | 5.9 | Medium | 2026-02-24 |
| CVE-2026-25545 | Astro has Full-Read SSRF in error rendering via Host: header injection | CWE-918 | 9.1 | - | 2026-02-24 |
| CVE-2025-66202 | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | CWE-647 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-64765 | Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values | CWE-22 | 8.2 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-64764 | Astro is vulnerable to Reflected XSS via the server islands feature | CWE-80 | 7.1 | High | 2025-11-19 |
| CVE-2025-65019 | Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint | CWE-79 | 5.4 | Medium | 2025-11-19 |
| CVE-2025-64757 | Astro Development Server is Vulnerable to Arbitrary Local File Read | CWE-22 | 3.5 | Low | 2025-11-19 |
| CVE-2025-64745 | Astro development server error page vulnerable to reflected Cross-site Scripting | CWE-79 | 2.7 | Low | 2025-11-13 |
| CVE-2025-64525 | Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass | CWE-918 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-59837 | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS | CWE-918 | 7.2 | High | 2025-10-28 |
| CVE-2025-61925 | Astro's `X-Forwarded-Host` is reflected with no validation | CWE-470 | 6.5 | Medium | 2025-10-10 |
| CVE-2025-58179 | Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint | CWE-918 | 7.2 | High | 2025-09-04 |
| CVE-2025-55303 | Unauthorized third-party images in Astro's _image endpoint | CWE-79 | 7.2 (AI) | High (AI) | 2025-08-19 |
| CVE-2025-55207 | @astrojs/node's trailing slash handling causes open redirect issue | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-08-15 |
| CVE-2025-54793 | Astro: Duplicate trailing slash feature can lead to Open Redirects | CWE-601 | 6.1 | - | 2025-08-08 |
| CVE-2024-56159 | Server source code is exposed to the public if sourcemaps are enabled | CWE-219 | 7.5 | - | 2024-12-19 |
| CVE-2024-56140 | Bypass of CSRF Middleware in Astro | CWE-352 | 5.9 | Medium | 2024-12-18 |
| CVE-2024-47885 | astro's client-side router has DOM Clobbering Gadget that leads to XSS | CWE-79 | 5.9 | Medium | 2024-10-14 |

Values marked "(AI)" carry an AI label on the original page; "-" means the page lists no value.

The astro product has 30 publicly disclosed CVEs in total; this page provides the complete list in reverse chronological order, including CVSS, CWE, AI-generated Chinese summaries and any available POC links.