CVE-2026-29772
- EPSS 0.02%
- Published 24.03.2026 18:38:02
- Last modified 25.03.2026 21:48:16
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse() allocates a V8 heap object for every element in the input, a ...
CVE-2026-27729
- EPSS 0.16%
- Published 24.02.2026 01:16:15
- Last modified 25.02.2026 15:19:42
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-co...
CVE-2026-25545
- EPSS 0.06%
- Published 24.02.2026 00:37:05
- Last modified 25.02.2026 15:19:26
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `Host:` header is changed to an attacker's server, ...