168 matches found
CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2024-56159
Astro CVE-2024-56159 describes an information-disclosure vulnerability where sourcemap files for server code are published publicly during build, enabling unauthenticated access to server source. Affected: server-output (SSR) projects on Astro 5.x from 5.0.3–5.0.7 with sourcemaps enabled; fix rel...
CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...
Astro 安全漏洞
Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.0.7 and earlier and 4.16.17 and earlier, which stems from a server code sourcemap file being moved to a publicly accessible folder, which allows an unauthenticated user to...
CVE-2024-56140 Bypass of CSRF Middleware in Astro
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
Astro 跨站请求伪造漏洞
Astro is an Astro open source web framework for content-driven websites. A cross-site request forgery vulnerability exists in Astro version 4.16.16 and earlier, which stems from a flaw in the cross-site request forgery protection middleware that allows requests to bypass CSRF checks, leaving them...
PT-2024-32873 · Astro · Astro
Name of the Vulnerable Software and Affected Versions: Astro versions 3.0.0 through 4.16.0 Description: The Astro web framework has a DOM Clobbering gadget in the client-side router. This issue can lead to cross-site scripting XSS in websites that enable Astro's client-side routing and have store...
Astro 跨站脚本漏洞
Astro is an Astro open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions 3.0.0 through 4.16.1 and earlier, which stems from not properly cleaning up the name attribute on a page...