Lucene search
+L

5 matches found

euvd
euvd
added 2026/03/26 6:45 p.m.7 views

EUVD-2026-14984

Astro: Remote allowlist bypass via unanchored matchPathname wildcard...

6.3CVSS5.8AI score0.00325EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/03/26 3:16 p.m.7 views

CVE-2026-33769

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

6.3CVSS5.8AI score0.00325EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/24 6:44 p.m.3 views

CVE-2026-33769 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for / wildcards is unanchored, so a pathname that...

6.3CVSS5.8AI score0.00325EPSS
Exploits1References1
cve
cve
added 2026/03/24 6:44 p.m.30 views

CVE-2026-33769

CVE-2026-33769 affects the Astro web framework. From version 2.10.10 up to before 5.18.1, the remotePatterns path enforcement for remote URLs used by server-side fetchers (e.g., image optimization) uses an unanchored match for /* wildcards, allowing a pathname containing the allowed prefix later ...

6.3CVSS5.8AI score0.00325EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27488

Name of the Vulnerable Software and Affected Versions Astro versions 2.10.10 through 5.18.0 Description Astro’s remotePatterns path enforcement for remote URLs used by server-side fetchers, such as the image optimization endpoint, is affected by an issue. The path matching logic for / wildcards i...

6.3CVSS5.9AI score0.00325EPSS
Exploits1References5
Rows per page
Query Builder