Lucene search
K

4 matches found

Nuclei
Nuclei
added 10 hours ago39 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6AI score0.00773EPSS
Exploits1References3
EUVD
EUVD
added 2025/11/19 8:9 p.m.5 views

EUVD-2025-198182

Astro Cloudflare adapter has Stored Cross Site Scripting vulnerability in /image endpoint...

5.4CVSS5.7AI score0.00218EPSS
Exploits1References4
OSV
OSV
added 2025/11/19 8:9 p.m.3 views

GHSA-FVMW-CJ7J-J39Q Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

5.4CVSS6.4AI score0.00218EPSS
Exploits1References4
CVE
CVE
added 2025/11/19 4:40 p.m.12 views

CVE-2025-65019

Astro CVE-2025-65019 affects the Cloudflare adapter when using output: 'server'. The image optimization endpoint /_image unconditionally allows data: URLs via isRemoteAllowed(), enabling XSS through malicious SVG payloads that the browser can execute after a 302 redirect. Affected components: @as...

6.1CVSS5.7AI score0.00218EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder