CVE-2025-64764

High CVSS: 7.1

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.

Vendor

Astro

Product

Astro

CWE

CWE-80

Yayın Tarihi

2025-11-19 17:15:52

Güncelleme

2025-11-20 17:54:05

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-80 Astro HIGH Astro 2025

Referanslar

https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91 https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723

Benzer Kayıtlar

Medium

CVE-2026-33768

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path head…

Low

CVE-2026-33769

Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path…

Medium

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full reque…

Medium

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domai…

Medium

CVE-2026-27729

Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit,…

Medium

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered cus…