4 matches found
NPM: Astro: Host header SSRF in prerendered error page fetch
NPM: Astro: Host header SSRF in prerendered error page fetch vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page, e.g. 404.astro or 500.astro, are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...
GHSA-QQ67-MVV5-FW3G Astro has Full-Read SSRF in error rendering via Host: header injection
Summary: Server-Side Rendered pages that return an error with a prerendered custom error page, e.g. 404.astro or 500.astro, are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...
Astro has Full-Read SSRF in error rendering via Host: header injection
Summary: Server-Side Rendered pages that return an error with a prerendered custom error page, e.g. 404.astro or 500.astro, are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...