Lucene search
K

168 matches found

Vulnrichment
Vulnrichment
added 2024/12/19 6:58 p.m.11 views

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

7.8CVSS6.7AI score0.01465EPSS
Exploits1References4
CVE
CVE
added 2024/12/19 6:58 p.m.79 views

CVE-2024-56159

Astro CVE-2024-56159 describes an information-disclosure vulnerability where sourcemap files for server code are published publicly during build, enabling unauthenticated access to server source. Affected: server-output (SSR) projects on Astro 5.x from 5.0.3–5.0.7 with sourcemaps enabled; fix rel...

7.8CVSS6.7AI score0.01465EPSS
In wildExploits1References4Affected Software1
OSV
OSV
added 2024/12/19 6:58 p.m.6 views

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

7.8CVSS7AI score0.01465EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.5 views

Astro 安全漏洞

Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions 5.0.7 and earlier and 4.16.17 and earlier, which stems from a server code sourcemap file being moved to a publicly accessible folder, which allows an unauthenticated user to...

7.8CVSS6.7AI score0.01465EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/12/18 8:41 p.m.17 views

CVE-2024-56140 Bypass of CSRF Middleware in Astro

Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...

5.9CVSS7.1AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.31 views

Astro 跨站请求伪造漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site request forgery vulnerability exists in Astro version 4.16.16 and earlier, which stems from a flaw in the cross-site request forgery protection middleware that allows requests to bypass CSRF checks, leaving them...

6.5CVSS6.5AI score0.00217EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/14 12:0 a.m.8 views

PT-2024-32873 · Astro · Astro

Name of the Vulnerable Software and Affected Versions: Astro versions 3.0.0 through 4.16.0 Description: The Astro web framework has a DOM Clobbering gadget in the client-side router. This issue can lead to cross-site scripting XSS in websites that enable Astro's client-side routing and have store...

5.9CVSS5.1AI score0.00408EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.6 views

Astro 跨站脚本漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions 3.0.0 through 4.16.1 and earlier, which stems from not properly cleaning up the name attribute on a page...

5.9CVSS5.9AI score0.00408EPSS
Exploits0References4
Rows per page
Query Builder