4 matches found
@chocolatey-software/astro (>=2.0.0 <=2.5.0), choco-astro (>=0.3.1 <=0.4.0) potentially affected by CVE-2026-27729 via @astrojs/node (>=9.2.2 <=9.5.2)
@astrojs/node NPM version =9.2.2, =2.0.0, =0.3.1, =0.4.0 Source cves: CVE-2026-27729 Source advisory: OSV:GHSA-JM64-8M5Q-4QH8...
@stnd/build (=0.18.70), stnd (=0.18.70) potentially affected by CVE-2026-27729 via astro (=6.0.0-beta.1)
astro NPM version =6.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on astro and may be impacted: - @stnd/build =0.18.70 - stnd =0.18.70 Source cves: CVE-2026-27729 Source advisory: SNYK:JS-ASTRO-15338138...
@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +21 more potentially affected by CVE-2026-27729 via astro (>=5.10.1 <=5.17.2)
astro NPM version =5.10.1, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.0.0, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.5.1, =1.13.2, =0.0.1, =0.0.2 and more Source cves: CVE-2026-27729 Source advisory: SNYK:JS-ASTRO-15338138...
CVE-2026-27729
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...