3 matches found
@ampt/astro (=0.0.1-beta.1), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +383 more potentially affected by CVE-2025-65019 via astro (>=0.20.12 <=5.15.6)
astro NPM version =0.20.12, =1.0.0, =0.5.0, =1.0.0, =0.0.17, =0.0.2, =0.0.1, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.5.1 - @astro-sanctuary/toolbar-drupal =0.1.1 - @astrojs/og =0.0.1 and more Source cves: CVE-2025-65019 Source advisory: OSV:GHSA-FVMW-CJ7J-J39Q...
CVE-2025-65019
creationtimestamp| type| source ---|---|--- 2025-11-19 17:25:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5yri5mqxv2k...
CVE-2025-65019 Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint
Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...