CVE-2025-54793
- EPSS 0.01%
- Veröffentlicht 08.08.2025 00:02:38
- Zuletzt bearbeitet 25.11.2025 15:14:31
Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users...
CVE-2024-56159
- EPSS 0.18%
- Veröffentlicht 19.12.2024 19:15:08
- Zuletzt bearbeitet 25.11.2025 13:38:29
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the...
CVE-2024-56140
- EPSS 0.11%
- Veröffentlicht 18.12.2024 21:15:08
- Zuletzt bearbeitet 25.11.2025 13:42:59
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will...
CVE-2024-47885
- EPSS 0.91%
- Veröffentlicht 14.10.2024 19:15:10
- Zuletzt bearbeitet 25.11.2025 13:51:57
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has *stored* attacker-c...