fix(deps): update dependency astro to v6 [security]#597
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
|
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
2 times, most recently
from
caf7ead to
db2fdb2
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
db2fdb2 to
85ef2f2
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
2 times, most recently
from
5623716 to
c3abd26
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
2 times, most recently
from
03e5f4e to
6a1a6e8
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
2 times, most recently
from
c988086 to
47f60f3
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
3 times, most recently
from
0459724 to
48c6c1d
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
6 times, most recently
from
a22010c to
b04f481
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
2 times, most recently
from
0d488d0 to
ce636c4
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
ce636c4 to
baf357b
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
baf357b to
be9ffb1
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
be9ffb1 to
143434e
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
3 times, most recently
from
e4d0b26 to
ae7a145
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
ae7a145 to
5a66abb
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
5a66abb to
a0353bb
Compare
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
3 times, most recently
from
baca975 to
d4f6ef4
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
3 times, most recently
from
4256331 to
0185792
Compare
renovate
Bot
force-pushed
the
renovate/npm-astro-vulnerability
branch
from
0185792 to
344fd4f
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^5.1.2→^6.0.0Astro development server error page is vulnerable to reflected Cross-site Scripting
CVE-2025-64745 / GHSA-w2vj-39qv-7vh7
More information
Details
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the
trailingSlashconfiguration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links.Details
Vulnerability Location
https://github.com/withastro/astro/blob/5bc37fd5cade62f753aef66efdf40f982379029a/packages/astro/src/template/4xx.ts#L133-L149
Root Cause
The vulnerability was introduced in commit
536175528(PR #12994) , as part of a feature to "redirect trailing slashes on on-demand rendered pages." The feature added a helpful 404 error page in development mode to alert developers of trailing slash mismatches.Issue: The
correctedvariable, which is derived from the user-controlledpathnameparameter, is directly interpolated into the HTML without proper escaping. While thepathnamevariable itself is escaped elsewhere in the same file (line 114:escape(pathname)), thecorrectedvariable is not sanitized before being inserted into both thehrefattribute and the link text.Attack Vector
When a developer has configured
trailingSlashto'always'or'never'and visits a URL with a mismatched trailing slash, the development server returns a 404 page containing the vulnerable template. An attacker can craft a URL with JavaScript payloads that will be executed when the page is rendered.PoC
Local Testing (localhost)
Basic vulnerability verification in local development environment
Show details
astro.config.mjs:package.json:{ "name": "astro-xss-poc-victim", "version": "0.1.0", "scripts": { "dev": "astro dev" }, "dependencies": { "astro": "5.15.5" } }Start the development server:
Access the following malicious URL depending on your configuration:
For
trailingSlash: 'never'(requires trailing slash):For
trailingSlash: 'always'(no trailing slash):When accessing the malicious URL:
alert(document.domain)) executes in the browserRemote Testing (ngrok)
Reproduce realistic attack scenario via external malicious link
Show details
Prerequisites: ngrok account and authtoken configured (
ngrok config add-authtoken <key>)Setup and Execution:
When a remote user accesses either of the generated attack URLs:
alert(document.domain)) executes in the user's browserBoth URL patterns work depending on your
trailingSlashconfiguration ('never' or 'always').Impact
This only affects the development server. Risk depends on how and where the dev server is exposed.
Security impact
localhostendpoints or dev tools depending on browser policies.Attack scenarios
Severity
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
CVE-2025-64525 / GHSA-hr2q-hp5q-x767
More information
Details
Summary
In impacted versions of Astro using on-demand rendering, request headers
x-forwarded-protoandx-forwarded-portare insecurely used, without sanitization, to build the URL. This has several consequences the most important of which are:x-forwarded-proto)x-forwarded-proto)Details
The
x-forwarded-protoandx-forwarded-portheaders are used without sanitization in two parts of the Astro server code. The most important is in thecreateRequest()function. Any configuration, including the default one, is affected:https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L97
https://github.com/withastro/astro/blob/970ac0f51172e1e6bff4440516a851e725ac3097/packages/astro/src/core/app/node.ts#L121
These header values are then used directly to construct URLs.
By injecting a payload at the protocol level during URL creation (via the
x-forwarded-protoheader), the entire URL can be rewritten, including the host, port and path, and then pass the rest of the URL, the real hostname and path, as a query so that it doesn't affect (re)routing.If the following header value is injected when requesting the path
/ssr:The complete URL that will be created is:
https://www.malicious-url.com/?tank=://localhost/ssrAs a reminder, URLs are created like this:
The value is injected at the beginning of the string (
${protocol}), and ends with a query?tank=whose value is the rest of the string,://${hostnamePort}${req.url}.This way there is control over the routing without affecting the path, and the URL can be manipulated arbitrarily. This behavior can be exploited in various ways, as will be seen in the PoC section.
The same logic applies to
x-forwarded-port, with a few differences.PoC
The PoC will be tested with a minimal repository:
2.16.0)/ssr), the other simulating an admin page (/admin) protected by a middlewareDownload the PoC repository
Middleware-based protected route bypass - x-forwarded-proto only
The middleware has been configured to protect the
/adminroute based on the official documentation:When tryint to access
/adminthe attacker is naturally redirected :The attackr can bypass the middleware path check using a malicious header value:
curl -i -H "x-forwarded-proto: x:admin?" http://localhost:4321/adminHow is this possible?
Here, with the payload
x:admin?, the attacker can use the URL API parser to their advantage:x:is considered the protocol//, the parser considers there to be no authority, and everything before the?character is therefore considered part of the path:adminDuring a path-based middleware check, the path value begins with a
/:context.url.pathname === "/admin". However, this is not the case with this payload;context.url.pathname === "admin", the absence of a slash satisfies both the middleware check and the router and consequently allows us to bypass the protection and access the page.SSRF
As seen, the request URL is built from untrusted input via the
x-forwarded-protocolheader, if it turns out that this URL is subsequently used to perform external network calls, for an API for example, this allows an attacker to supply a malicious URL that the server will fetch, resulting in server-side request forgery (SSRF).Example of code reusing the "origin" URL, concatenating it to the API endpoint :
DoS via cache poisoning
If a CDN is present, it is possible to force the caching of bad pages/resources, or 404 pages on the application routes, rendering the application unusable.
A
404cab be forced, causing an error on the/ssrpage like this :curl -i -H "x-forwarded-proto: https://localhost/vulnerable?" http://localhost:4321/ssrSame logic applies to
x-forwarded-port:curl -i -H "x-forwarded-port: /vulnerable?" http://localhost:4321/ssrHow is this possible?
The router sees the request for the path
/vulnerable, which does not exist, and therefore returns a404, while the potential CDN sees/ssrand can then cache the404response, consequently serving it to all users requesting the path/ssr.URL pollution
The exploitability of the following is also contingent on the presence of a CDN, and is therefore cache poisoning.
If the value of
request.urlis used to create links within the page, this can lead to Stored XSS withx-forwarded-protoand the following value:results in the following URL object:
It is also possible to inject any link, always, if the value of
request.urlis used on the server side to create links.The attacker is more limited with
x-forwarded-portIf the value of
request.urlis used to create links within the page, this can lead to broken links, with the header and the following value:Example of an Astro website:
WAF bypass
For this section, Astro invites users to read previous research on the React-Router/Remix framework, in the section "Exploitation - WAF bypass and escalations". This research deals with a similar case, the difference being that the vulnerable header was
x-forwarded-hostin their case:https://zhero-web-sec.github.io/research-and-things/react-router-and-the-remixed-path
Note: A section addressing DoS attacks via cache poisoning using the same vector was also included there.
CVE-2025-61925 complete bypass
It is possible to completely bypass the vulnerability patch related to the
X-Forwarded-Hostheader.By sending
x-forwarded-hostwith an empty value, theforwardedHostnamevariable is assigned an empty string. Then, during the subsequent check, the condition fails becauseforwardedHostnamereturnsfalse, its value being an empty string:Consequently, the implemented check is bypassed. From this point on, since the request has no
host(its value being an empty string), the path value is retrieved by the URL parser to set it as thehost. This is because thehttp/httpsschemes are considered special schemes by the WHATWG URL Standard Specification, requiring anauthority state.From there, the following request on the example SSR application (astro repo) yields an SSRF:
empty
x-forwarded-host+ the targethostin the pathCredits
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro vulnerable to reflected XSS via the server islands feature
CVE-2025-64764 / GHSA-wrwg-2hg8-v723
More information
Details
Summary
After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s).
Details
Server islands run in their own isolated context outside of the page request and use the following pattern path to hydrate the page:
/_server-islands/[name]. These paths can be called via GET or POST and use three parameters:e: component to exportp: the transmitted properties, encrypteds: for the slotsSlots are placeholders for external HTML content, and therefore allow, by default, the injection of code if the component template supports it, nothing exceptional in principle, just a feature.
This is where it becomes problematic: it is possible, independently of the component template used, even if it is completely empty, to inject a slot containing an XSS payload, whose parent is a tag whose name is is the absolute path of the island file. Enabling reflected XSS on any application, regardless of the component templates used, provided that the server islands is used at least once.
How ?
By default, when a call is made to the endpoint
/_server-islands/[name], the value of the parametereisdefault, pointing to a function exported by the component's module.Upon further investigation, we find that two other values are possible for the component export (param
e) in a typical configuration:urlandfile.filereturns a string value corresponding to the absolute path of the island file. Since the value is of typestring, it fulfills the following condition and leads to this code block:An entire template is created, completely independently, and then returned:
childSlots, the value provided to thesparameter, is injected as a childAll of this is done using
markHTMLString. This allows the injection of any XSS payload, even if the component template intended by the application is initially empty or does not provide for the use of slots.Proof of concept
For our Proof of Concept (PoC), we will use a minimal repository:
Download the PoC repository
Access the following URL and note the opening of the popup, demonstrating the reflected XSS:
http://localhost:4321/_server-islands/ServerTime?e=file&p=&s={%22zhero%22:%22%3Cimg%20src=x%20onerror=alert(0)%3E%22}
The value of the parameter
smust be in JSON format and the payload must be injected at the value level, not the key level :Despite the initial template being empty, it is created because the value of the URL parameter
eis set tofile, as explained earlier. The parent tag is the name of the component's internal route, and its child is the value of the key "zhero" (the name doesn't matter) of the URL parameters.Credits
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values
CVE-2025-64765 / GHSA-ggxq-hp9w-j794
More information
Details
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies
decodeURI()to determine which route to render, while the middleware usescontext.url.pathnamewithout applying the same normalization (decodeURI).This discrepancy may allow attackers to reach protected routes (e.g., /admin) using encoded path variants that pass routing but bypass validation checks.
https://github.com/withastro/astro/blob/ebc4b1cde82c76076d5d673b5b70f94be2c066f3/packages/astro/src/vite-plugin-astro-server/request.ts#L40-L44
Consider an application having the following middleware code:
context.url.pathnameis validated , if it's equal to/admintheisAuthedproperty must be true for the next() method to be called. The same example can be found in the official docs https://docs.astro.build/en/guides/authentication/context.url.pathnamereturns the raw version which is/%61adminwhile pathname which is used for routing/rendering/admin, this creates a path normalization mismatch.By sending the following request, it's possible to bypass the middleware check
Remediation
Ensure middleware context has the same normalized pathname value that Astro uses internally, because any difference could allow it to bypass such checks. In short maybe something like this
pathname = decodeURI(url.pathname); } // Add config.base back to url before passing it to SSR - url.pathname = removeTrailingForwardSlash(config.base) + url.pathname; + url.pathname = removeTrailingForwardSlash(config.base) + decodeURI(url.pathname);Thank you, let @Sudistark know if any more info is needed. Happy to help :)
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
CVE-2025-65019 / GHSA-fvmw-cj7j-j39q
More information
Details
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Astro when using the @astrojs/cloudflare adapter with
output: 'server'. The built-in image optimization endpoint (/_image) usesisRemoteAllowed()from Astro’s internal helpers, which unconditionally allowsdata:URLs. When the endpoint receives a validdata:URL pointing to a malicious SVG containing JavaScript, and the Cloudflare-specific implementation performs a 302 redirect back to the originaldata:URL, the browser directly executes the embedded JavaScript. This completely bypasses any domain allow-listing (image.domains/image.remotePatterns) and typical Content Security Policy mitigations.Affected Versions
@astrojs/cloudflare≤ 12.6.10 (and likely all previous versions)output: 'server'and the Cloudflare adapterRoot Cause – Vulnerable Code
File:
node_modules/@​astrojs/internal-helpers/src/remote.tsIn the Cloudflare adapter, the
/_imageendpoint contains logic similar to:Because
data:URLs are considered “allowed”, a request such as:https://example.com/_image?href=data:image/svg+xml;base64,PHN2Zy... (base64-encoded malicious SVG)triggers a 302 redirect directly to the
data:URL, causing the browser to render and execute the malicious JavaScript inside the SVG.Proof of Concept (PoC)
output: 'server').(Base64 decodes to:
<svg xmlns="http://www.w3.org/2000/svg"><script>alert('zomasec')</script></svg>)data:URL → browser executes the<script>→alert()fires.Impact
image.domains/image.remotePatternsconfiguration entirelySafe vs Vulnerable Behavior
Other Astro adapters (Node, Vercel, etc.) typically proxy and rasterize SVGs, stripping JavaScript. The Cloudflare adapter currently redirects to remote resources (including
data:URLs), making it uniquely vulnerable.References
data:URL bypass in WordPress: CVE-2025-2575Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
CVE-2025-66202 / GHSA-whqg-ppgf-wp8c
More information
Details
Authentication Bypass via Double URL Encoding in Astro
Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794
Summary
A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 (single URL encoding) was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs like
/%2561dmininstead of/%61dmin, attackers can still bypass authentication and access protected resources such as/admin,/api/internal, or any route protected by middleware pathname checks.Fix
A more secure fix is just decoding once, then if the request has a %xx format, return a 400 error by using something like :
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro: Remote allowlist bypass via unanchored matchPathname wildcard
CVE-2026-33769 / GHSA-g735-7g2w-hh3f
More information
Details
Summary
This issue concerns Astro's
remotePatternspath enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for/*wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. In our PoC, both the allowed path and a bypass path returned 200 with the same SVG payload, confirming the bypass.Impact
Attackers can fetch unintended remote resources on an allowlisted host via the image endpoint, expanding SSRF/data exposure beyond the configured path prefix.
Description
Taint flow: request ->
transform.src->isRemoteAllowed()->matchPattern()->matchPathname()User-controlled
hrefis parsed intotransform.srcand validated viaisRemoteAllowed():Source: https://github.com/withastro/astro/blob/e0f1a2b3e4bc908bd5e148c698efb6f41a42c8ea/packages/astro/src/assets/endpoint/generic.ts#L43-L56
isRemoteAllowed()checks eachremotePatternviamatchPattern():Source: https://github.com/withastro/astro/blob/e0f1a2b3e4bc908bd5e148c698efb6f41a42c8ea/packages/internal-helpers/src/remote.ts#L15-L21
The vulnerable logic in
matchPathname()usesreplace()without anchoring the prefix for/*patterns:Source: https://github.com/withastro/astro/blob/e0f1a2b3e4bc908bd5e148c698efb6f41a42c8ea/packages/internal-helpers/src/remote.ts#L85-L99
Vulnerable code flow:
isRemoteAllowed()evaluatesremotePatternsfor a requested URL.matchPathname()handlespathname: "/img/*"using.replace()on the URL path./evil/img/secretincorrectly matches because/img/is removed even when it's not at the start.PoC
The PoC starts a local attacker server and configures remotePatterns to allow only
/img/*. It then requests the image endpoint with two URLs: an allowed path and a bypass path with/img/in the middle. Both requests returned the SVG payload, showing the path restriction was bypassed.Vulnerable config
Affected pages
This PoC targets the
/_imageendpoint directly; no additional pages are required.PoC Code
Attacker server
PoC Steps
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:PReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro: XSS in define:vars via incomplete </script> tag sanitization
CVE-2026-41067 / GHSA-j687-52p2-xcff
More information
Details
Summary
The
defineScriptVarsfunction in Astro's server-side rendering pipeline uses a case-sensitive regex/<\/script>/gto sanitize values injected into inline<script>tags via thedefine:varsdirective. HTML parsers close<script>elements case-insensitively and also accept whitespace or/before the closing>, allowing an attacker to bypass the sanitization with payloads like</Script>,</script >, or</script/>and inject arbitrary HTML/JavaScript.Details
The vulnerable function is
defineScriptVarsatpackages/astro/src/runtime/server/render/util.ts:42-53:This function is called from
renderElementatutil.ts:172-174when a<script>element hasdefine:vars:The regex
/<\/script>/gfails to match three classes of closing script tags that HTML parsers accept per the HTML specification §13.2.6.4:</Script>,</SCRIPT>,</sCrIpT>— HTML tag names are case-insensitive but the regex has noiflag.>:</script >,</script\t>,</script\n>— after the tag name, the HTML tokenizer enters the "before attribute name" state on ASCII whitespace.</script/>— the tokenizer enters "self-closing start tag" state on/.JSON.stringify()does not escape<,>, or/characters, so all these payloads pass through serialization unchanged.Execution flow: User-controlled input (e.g.,
Astro.url.searchParams) → assigned to a variable → passed viadefine:varson a<script>tag →renderElement→defineScriptVars→ incomplete sanitization → injected into<script>block in HTML response → browser closes the script element early → attacker-controlled HTML parsed and executed.PoC
Step 1: Create an SSR Astro page (
src/pages/index.astro):Step 2: Ensure SSR is enabled in
astro.config.mjs:Step 3: Start the dev server and visit:
Step 4: View the HTML source. The output contains:
The browser's HTML parser matches
</Script>case-insensitively, closing the script block. The<img onerror=alert(document.cookie)>is then parsed as HTML and the JavaScript inonerrorexecutes.Alternative bypass payloads:
Impact
An attacker can execute arbitrary JavaScript in the context of a victim's browser session on any SSR Astro application that passes request-derived data to
define:varson a<script>tag. This is a documented and expected usage pattern in Astro.Exploitation enables:
document.cookie)The vulnerability affects all Astro versions that support
define:varsand is exploitable in any SSR deployment where user input reaches adefine:varsscript variable.Recommended Fix
Replace the case-sensitive exact-match regex with a comprehensive escape that covers all HTML parser edge cases. The simplest correct fix is to escape all
<characters in the JSON output:This is the standard approach used by frameworks like Next.js and Rails. Replacing every
<with\u003cis safe inside JSON string contexts (JavaScript treats\u003cas<at runtime) and eliminates all possible</script>variants including case variations, whitespace, and self-closing forms.Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Astro: Server island encrypted parameters vulnerable to cross-component replay
CVE-2026-45028 / GHSA-xr5h-phrj-8vxv
More information
Details
Impact
Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props (
p) value as another component's slots (s) value, or vice versa.Since slots contain raw unescaped HTML while props may contain user-controlled values, this could lead to XSS in applications that meet all of the following conditions:
These conditions are very unlikely to occur in real-world production applications.
Patches
This has been patched in astro@6.1.10.
The fix binds each encrypted parameter to its target component and purpose using AES-GCM authenticated additional data (AAD). Each ciphertext now includes context like
props:IslandNameorslots:IslandName, so encrypted data for one component cannot be replayed against a different component, and encrypted props cannot be reused as slots.References
Severity
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:PReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
withastro/astro (astro)
v6.1.10Compare Source
Patch Changes
#16479
1058428Thanks @matthewp! - Fixes a spurious[WARN] [content] Content config not loadedwarning duringastro devfor projects that don't use content collections#16457
3d82220Thanks @matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one#16481
152700eThanks @matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap duringastro devcaused by the browser mis-resolving a relativesourceMappingURLfrom the/@​id/URL prefix#16480
1bcb43bThanks @matthewp! - Fixes an unnecessary full page reload on first navigation during devv6.1.9Compare Source
Patch Changes
#16448
99464edThanks @matthewp! - Updates vite, picomatch, and unstorage to latest patch versions#16422
a3951d7Thanks @matthewp! - Hardensastro-islandexport resolution and hydration error handling for malformed component metadata#16420
e21de1dThanks @matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation#16419
f3485c3Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding#16022
a002540Thanks @mathieumaf! - Fixes an issue where i18n domains would return 404 whentrailingSlashis set tonever.Updated dependencies [
99464ed,f3485c3]:v6.1.8Compare Source
Patch Changes
#16367
a6866a7Thanks @ematipico! - Fixes an issue where build output files could contain special characters (!,~,{,}) in their names, causing deploy failures on platforms like Netlify.#16381
217c5b3Thanks @ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.#16348
7d26cd7Thanks @ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.#16317
d012bfeThanks @das-peter! - Fixes a bug whereallowedDomainsweren't correctly propagated when using the development server.#16379
5a84551Thanks [Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.