2 matches found
Server-side Request Forgery
astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...
CVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...