Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday16 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS6.1AI score0.00599EPSS
Exploits1References2
Veracode
Veracode
added 2025/10/06 10:28 a.m.7 views

Server-side Request Forgery

astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...

7.2CVSS7.1AI score0.00773EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/08/19 6:8 p.m.9 views

CVE-2025-55303 Unauthorized third-party images in Astro’s _image endpoint

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

6.9CVSS0.00599EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/19 6:8 p.m.3 views

CVE-2025-55303 Unauthorized third-party images in Astro’s _image endpoint

Astro is a web framework for content-driven websites. In versions of astro before 5.13.2 and 4.16.18, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. On-demand rendered sites built with Astro include a...

6.9CVSS7AI score0.00599EPSS
Exploits1References2
OSV
OSV
added 2025/08/19 3:40 p.m.2 views

GHSA-XF8X-J4P2-F749 Astro allows unauthorized third-party images in _image endpoint

Summary In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. Details On-demand rendered sites built with Astro include an /image endpoint which returns optimized versions of...

6.4CVSS5.8AI score0.00599EPSS
Exploits1References4
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2016-9077

Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox 50...

7CVSS7.3AI score0.0077EPSS
Exploits0References4
Rows per page
Query Builder