Lucene search
K

33 matches found

Nuclei
Nuclei
added yesterday26 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6AI score0.00773EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS5.2AI score0.00773EPSS
In wildExploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:4 p.m.3 views

CVE-2026-41321

@astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP...

7.2CVSS5.6AI score0.00773EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.12 views

CVE-2025-65019

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

6.1CVSS6.1AI score0.00218EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/19 8:9 p.m.5 views

EUVD-2025-198182

Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /image endpoint...

5.4CVSS5.7AI score0.00218EPSS
Exploits1References4
OSV
OSV
added 2025/11/19 8:9 p.m.3 views

GHSA-FVMW-CJ7J-J39Q Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

5.4CVSS6.4AI score0.00218EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/19 8:9 p.m.73 views

Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

6.1CVSS6.3AI score0.00218EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/11/19 5:15 p.m.9 views

CVE-2025-65019

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

6.1CVSS0.00218EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/19 4:40 p.m.3 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS5.7AI score0.00218EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/19 4:40 p.m.17 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS0.00218EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 4:40 p.m.12 views

CVE-2025-65019

Astro CVE-2025-65019 affects the Cloudflare adapter when using output: 'server'. The image optimization endpoint /_image unconditionally allows data: URLs via isRemoteAllowed(), enabling XSS through malicious SVG payloads that the browser can execute after a 302 redirect. Affected components: @as...

6.1CVSS5.7AI score0.00218EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/19 4:40 p.m.6 views

CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

5.4CVSS6AI score0.00218EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.9 views

PT-2025-47490

Name of the Vulnerable Software and Affected Versions Astro versions prior to 5.15.9 Description Astro, a web framework, has an issue when using the Cloudflare adapter @astrojs/cloudflare with output set to 'server'. The image optimization endpoint '/ image' includes a flaw in the isRemoteAllowed...

6.1CVSS5.7AI score0.00218EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18433

Malicious code in bioql PyPI...

9.1CVSS6.3AI score0.00832EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26878

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00773EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.16 views

CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.8AI score0.00773EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/05 12:42 a.m.2 views

Server-side Request Forgery (SSRF)

Overview @astrojs/cloudflare is a Deploy your site to Cloudflare Workers/Pages Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /image endpoint. An attacker can access internal or unauthorized resources by submitting crafted URLs to the generated image...

7.2CVSS6.8AI score0.00773EPSS
Exploits1References2
NVD
NVD
added 2025/09/05 12:15 a.m.7 views

CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS0.00773EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

Astro 代码问题漏洞

Astro is an Astro open source web framework for content-driven websites. A code issue vulnerability exists in Astro versions 11.0.3 through 12.6.5 that stems from the presence of SSRF in the Cloudflare adapter, which could allow bypassing third-party domain restrictions...

7.2CVSS6.7AI score0.00773EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/04 11:36 p.m.1 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.1AI score0.00773EPSS
Exploits1References2
Rows per page
Query Builder