Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/06/22 5:33 p.m.31 views

CVE-2026-54299 Astro: Host-header full-read SSRF in core prerendered error-page fetch (prerenderedErrorPageFetch default + unvalidated createRequestFromNodeRequest URL)

Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming...

7.5CVSS0.00196EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 2:38 p.m.6 views

NPM: Astro: Host header SSRF in prerendered error page fetch

NPM: Astro: Host header SSRF in prerendered error page fetch vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...

7.5CVSS5.8AI score0.00196EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/16 2:38 p.m.11 views

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the prerenderedErrorPageFetch. An attacker can access sensitive information or interact with...

8.2CVSS5.8AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49740

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description Astro SSR applications using prerendered error pages, such as '/404' or '/500' with export const prerender = true, fetch these pages over HTTP at runtime during an error. The fetch URL is derived from...

7.5CVSS6AI score0.00196EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.5 views

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

8.6CVSS5.5AI score0.01414EPSS
Exploits1References1
NVD
NVD
added 2026/02/24 1:16 a.m.5 views

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

8.6CVSS0.01414EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/24 12:37 a.m.5 views

CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

6.9CVSS5.5AI score0.01414EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 9:54 p.m.6 views

GHSA-QQ67-MVV5-FW3G Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.7AI score0.01414EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/23 9:54 p.m.6 views

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in renderError, when custom prerendered error pages like 404.astro or 500.astro are in use. The...

8.6CVSS5.4AI score0.01414EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/23 9:54 p.m.10 views

Astro has Full-Read SSRF in error rendering via Host: header injection

Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...

8.6CVSS5.6AI score0.01414EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder