
9 matches found

RedhatCVE
added 2025/10/13 6:20 a.m., 3 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 1
OSV
added 2025/10/10 11:41 p.m., 1 view

GHSA-5FF5-9FCW-VG88 Astro's `X-Forwarded-Host` is reflected without validation

Summary: When running Astro in on-demand rendering mode using an adapter such as the node adapter, it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property, as there is no validation that the value is safe. Details: Astro reflects th...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 5
EUVD
added 2025/10/10 11:41 p.m., 1 view

EUVD-2025-33766

Astro's X-Forwarded-Host is reflected without validation...

CVSS 6.5 | AI score 6.4 | EPSS 0.00057
Exploits: 1 | References: 4
Snyk
added 2025/10/10 11:41 p.m., 1 view

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview: @astrojs/node ("Deploy your site to a Node.js server"). Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker c...

CVSS 7.3 | AI score 6.9 | EPSS 0.00057
Exploits: 1 | References: 2
Github Security Blog
added 2025/10/10 11:41 p.m., 4 views

Astro's `X-Forwarded-Host` is reflected without validation

Summary: When running Astro in on-demand rendering mode using an adapter such as the node adapter, it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property, as there is no validation that the value is safe. Details: Astro reflects th...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2025/10/10 8:15 p.m., 1 view

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | EPSS 0.00057
Exploits: 1 | References: 2
Vulnrichment
added 2025/10/10 7:34 p.m., 2 views

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 6.6 | EPSS 0.00057
Exploits: 1 | References: 2
OSV
added 2025/10/10 7:34 p.m., 1 view

CVE-2025-61925 Astro's `X-Forwarded-Host` is reflected with no validation

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS 6.5 | AI score 7 | EPSS 0.00057
Exploits: 1 | References: 4
Positive Technologies
added 2025/10/10 12:0 a.m., 2 views

PT-2025-41598

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.14.2. Description: Astro, a web framework, does not validate the X-Forwarded-Host header when using Astro.url, leading to potential manipulation of output values. A malicious request with a differing Host and...

CVSS 6.5 | AI score 6.4 | EPSS 0.00057
Exploits: 1 | References: 16