Skip to content

fix(deps): update dependency astro to v4.16.19 [security] #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wkillerud merged 1 commit into from
Aug 27, 2025
Merged

fix(deps): update dependency astro to v4.16.19 [security] #23

wkillerud merged 1 commit into from
Aug 27, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 14, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
astro (source) 4.15.9 -> 4.16.19 age confidence

GitHub Vulnerability Alerts

CVE-2024-47885

Summary

A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting (XSS) in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements (i.e., iframe tags with unsanitized name attributes) on the destination pages.

Details

Backgrounds

DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. More for information about DOM Clobbering, here are some references:

[1] https://scnps.co/papers/sp23_domclob.pdf
[2] https://research.securitum.com/xss-in-amp4email-dom-clobbering/

Gadgets found in Astro

We identified a DOM Clobbering gadget in Astro's client-side routing module, specifically in the <ViewTransitions /> component. When integrated, this component introduces the following vulnerable code, which is executed during page transitions (e.g., clicking an <a> link):

https://github.com/withastro/astro/blob/7814a6cad15f06931f963580176d9b38aa7819f2/packages/astro/src/transitions/router.ts#L135-L156

However, this implementation is vulnerable to a DOM Clobbering attack. The document.scripts lookup can be shadowed by an attacker injected non-script HTML elements (e.g., <img name="scripts"><img name="scripts">) via the browser's named DOM access mechanism. This manipulation allows an attacker to replace the intended script elements with an array of attacker-controlled scriptless HTML elements.

The condition script.dataset.astroExec === '' on line 138 can be bypassed because the attacker-controlled element does not have a data-astroExec attribute. Similarly, the check on line 134 can be bypassed as the element does not require a type attribute.

Finally, the innerHTML of an attacker-injected non-script HTML elements, which is plain text content before, will be set to the .innerHTML of an script element that leads to XSS.

PoC

Consider a web application using Astro as the framework with client-side routing enabled and allowing users to embed certain scriptless HTML elements (e.g., form or iframe). This can be done through a bunch of website's feature that allows users to embed certain script-less HTML (e.g., markdown renderers, web email clients, forums) or via an HTML injection vulnerability in third-party JavaScript loaded on the page.

For PoC website, please refer to: https://stackblitz.com/edit/github-4xgj2d. Clicking the "about" button in the menu will trigger an alert(1) from an attacker-injected form element.

---
import Header from "../components/Header.astro";
import Footer from "../components/Footer.astro";
import { ViewTransitions } from "astro:transitions";
import "../styles/global.css";
const { pageTitle } = Astro.props;
---
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
    <meta name="viewport" content="width=device-width" />
    <meta name="generator" content={Astro.generator} />
    <title>{pageTitle}</title>
    <ViewTransitions />
  </head>
  <body>
    <!--USER INPUT-->
    <iframe name="scripts">alert(1)</iframe>
    <iframe name="scripts">alert(1)</iframe>
    <!--USER INPUT-->
    
    <Header />
    <h1>{pageTitle}</h1>
    <slot />
    <Footer />
    <script>
      import "../scripts/menu.js";
    </script>
  </body>
</html>

Impact

This vulnerability can result in cross-site scripting (XSS) attacks on websites that built with Astro that enable the client-side routing with ViewTransitions and store the user-inserted scriptless HTML tags without properly sanitizing the name attributes on the page.

Patch

We recommend replacing document.scripts with document.getElementsByTagName('script') for referring to script elements. This will mitigate the possibility of DOM Clobbering attacks leveraging the name attribute.

Reference

Similar issues for reference:

CVE-2024-56140

Summary

A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks.

Details

When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. (Source code: https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts)

For example, with the following Astro configuration:

// astro.config.mjs
import { defineConfig } from 'astro/config';
import node from '@&#8203;astrojs/node';

export default defineConfig({
	output: 'server',
	security: { checkOrigin: true },
	adapter: node({ mode: 'standalone' }),
});

A request like the following would be blocked if made from a different origin:

// fetch API or <form action="https://test.example.com/" method="POST">
fetch('https://test.example.com/', {
	method: 'POST',
	credentials: 'include',
	body: 'a=b',
	headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
});
// => Cross-site POST form submissions are forbidden

However, a vulnerability exists that can bypass this security.

Pattern 1: Requests with a semicolon after the Content-Type

A semicolon-delimited parameter is allowed after the type in Content-Type.

Web browsers will treat a Content-Type such as application/x-www-form-urlencoded; abc as a simple request and will not perform preflight validation. In this case, CSRF is not blocked as expected.

fetch('https://test.example.com', {
	method: 'POST',
	credentials: 'include',
	body: 'test',
	headers: { 'Content-Type': 'application/x-www-form-urlencoded; abc' },
});
// => Server-side functions are executed (Response Code 200).

Pattern 2: Request without Content-Type header

The Content-Type header is not required for a request. The following examples are sent without a Content-Type header, resulting in CSRF.

// Pattern 2.1 Request without body
fetch('http://test.example.com', { method: 'POST', credentials: 'include' });

// Pattern 2.2 Blob object without type
fetch('https://test.example.com', {
	method: 'POST',
	credentials: 'include',
	body: new Blob(['a=b'], {}),
});

Impact

Bypass CSRF protection implemented with CSRF middleware.

Note

Even with credentials: 'include', browsers may not send cookies due to third-party cookie blocking. This feature depends on the browser version and settings, and is for privacy protection, not as a CSRF measure.

CVE-2024-56159

Summary

A bug in the build process allows any unauthenticated user to read parts of the server source code.

Details

During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder.
https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139

Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website.

While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in src/pages) are predictably named. For example. the sourcemap file for src/pages/index.astro gets named dist/client/pages/index.astro.mjs.map.

PoC

Here is one example of an affected open-source website:
https://creatorsgarten.org/pages/index.astro.mjs.map

The file can be saved and opened using https://evanw.github.io/source-map-visualization/ to reconstruct the source code.

The above accurately mirrors the source code as seen in the repository: https://github.com/creatorsgarten/creatorsgarten.org/blob/main/src/pages/index.astro

The above was found as the 4th result (and the first one on Astro 5.0+) when making the following search query on GitHub.com (search results link):

path:astro.config.mjs @&#8203;sentry/astro

This vulnerability is the root cause of https://github.com/withastro/astro/issues/12703, which links to a simple stackblitz project demonstrating the vulnerability. Upon build, notice the contents of the dist/client (referred to as config.build.client in astro code) folder. All astro servers make the folder in question accessible to the public internet without any authentication. It contains .map files corresponding to the code that runs on the server.

Impact

All server-output (SSR) projects on Astro 5 versions v5.0.3 through v5.0.6 (inclusive), that have sourcemaps enabled, either directly or through an add-on such as sentry, are affected. The fix for server-output projects was released in [email protected].

Additionally, all static-output (SSG) projects built using Astro 4 versions 4.16.17 or older, or Astro 5 versions 5.0.7 or older, that have sourcemaps enabled are also affected. The fix for static-output projects was released in [email protected], and backported to Astro v4 in [email protected].

The immediate impact is limited to source code. Any secrets or environment variables are not exposed unless they are present verbatim in the source code.

There is no immediate loss of integrity within the the vulnerable server. However, it is possible to subsequently discover another vulnerability via the revealed source code .

There is no immediate impact to availability of the vulnerable server. However, the presence of an unsafe regular expression, for example, can quickly be exploited to subsequently compromise the availability.

  • Network attack vector.
  • Low attack complexity.
  • No privileges required.
  • No interaction required from an authorized user.
  • Scope is limited to first party. Although the source code of closed-source third-party software may also be exposed.

Remediation

The fix for server-output projects was released in [email protected], and the fix for static-output projects was released in [email protected] and backported to Astro v4 in [email protected]. Users are advised to update immediately if they are using sourcemaps or an integration that enables sourcemaps.

CVE-2025-55303

Summary

In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.

Details

On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images.

The /_image endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).

However, a bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png.

Proof of Concept

  1. Create a new minimal Astro project ([email protected]).

  2. Configure it to use the Node adapter (@astrojs/[email protected] — newer versions are not impacted):

    // astro.config.mjs
import { defineConfig } from 'astro/config';
import node from '@&#8203;astrojs/node';

export default defineConfig({
	adapter: node({ mode: 'standalone' }),
});

  3. Build the site by running astro build.

  4. Run the server, e.g. with astro preview.

  5. Append /_image?href=//placehold.co/600x400 to the preview URL, e.g. http://localhost:4321/_image?href=//placehold.co/600x400

  6. The site will serve the image from the unauthorized placehold.co origin.

Impact

Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized image content.
In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.

Release Notes

withastro/astro (astro)

v4.16.19

Compare Source

Patch Changes

v4.16.18

Compare Source

Patch Changes

v4.16.17

Compare Source

Patch Changes

v4.16.16

Compare Source

Patch Changes

v4.16.15

Compare Source

Patch Changes

v4.16.14

Compare Source

Patch Changes

v4.16.13

Compare Source

Patch Changes

  • #​12436 453ec6b Thanks @​martrapp! - Fixes a potential null access in the clientside router

  • #​12392 0462219 Thanks @​apatel369! - Fixes an issue where scripts were not correctly injected during the build. The issue was triggered when there were injected routes with the same entrypoint and different pattern

v4.16.12

Compare Source

Patch Changes
  • #​12420 acac0af Thanks @​ematipico! - Fixes an issue where the dev server returns a 404 status code when a user middleware returns a valid Response.

v4.16.11

Compare Source

Patch Changes

v4.16.10

Compare Source

Patch Changes

v4.16.9

Compare Source

Patch Changes

v4.16.8

Compare Source

Patch Changes

v4.16.7

Compare Source

Patch Changes

v4.16.6

Compare Source

Patch Changes

  • #​11823 a3d30a6 Thanks @​DerTimonius! - fix: improve error message when inferSize is used in local images with the Image component

  • #​12227 8b1a641 Thanks @​florian-lefebvre! - Fixes a case where environment variables would not be refreshed when using astro:env

  • #​12239 2b6daa5 Thanks @​ematipico! - BREAKING CHANGE to the experimental Container API only

    Changes the default page rendering behavior of Astro components in containers, and adds a new option partial: false to render full Astro pages as before.

    Previously, the Container API was rendering all Astro components as if they were full Astro pages containing <!DOCTYPE html> by default. This was not intended, and now by default, all components will render as page partials: only the contents of the components without a page shell.

    To render the component as a full-fledged Astro page, pass a new option called partial: false to renderToString() and renderToResponse():

    import { experimental_AstroContainer as AstroContainer } from 'astro/container';
import Card from '../src/components/Card.astro';

const container = AstroContainer.create();

await container.renderToString(Card); // the string will not contain `<!DOCTYPE html>`
await container.renderToString(Card, { partial: false }); // the string will contain `<!DOCTYPE html>`

v4.16.5

Compare Source

Patch Changes

v4.16.4

Compare Source

Patch Changes

  • #​12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

    The button element can be used with a label (e.g. to create a switch) and should not be reported as an accessibility issue when used as a child of a label.

  • #​12199 c351352 Thanks @​ematipico! - Fixes a regression in the computation of Astro.currentLocale

  • #​12222 fb55695 Thanks @​ematipico! - Fixes an issue where the edge middleware couldn't correctly compute the client IP address when calling ctx.clientAddress()

v4.16.3

Compare Source

Patch Changes

v4.16.2

Compare Source

Patch Changes

v4.16.1

Compare Source

Patch Changes

v4.16.0

Compare Source

Minor Changes

  • #​12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

    The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

    import { defineConfig } from 'astro/config';

export default defineConfig({
  markdown: {
    shikiConfig: {
      langAlias: {
        cjs: 'javascript',
      },
    },
  },
});

    Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:

    ```cjs
'use strict';

function commonJs() {
  return 'I am a commonjs file';
}
```

  • #​11984 3ac2263 Thanks @​chaegumi! - Adds a new build.concurrency configuration option to specify the number of pages to build in parallel

    In most cases, you should not change the default value of 1.

    Use this option only when other attempts to reduce the overall rendering time (e.g. batch or cache long running tasks like fetch calls or data access) are not possible or are insufficient.

    Use this option only if the refactors are not possible. If the number is set too high, the page rendering may slow down due to insufficient memory resources and because JS is single-threaded.

    [!WARNING]
    This feature is stable and is not considered experimental. However, this feature is only intended to address difficult performance issues, and breaking changes may occur in a minor release to keep this option as performant as possible.

    // astro.config.mjs
import { defineConfig } from 'astro';

export default defineConfig({
  build: {
    concurrency: 2,
  },
});
Patch Changes

  • #​12160 c6fd1df Thanks @​louisescher! - Fixes a bug where astro.config.mts and astro.config.cts weren't reloading the dev server upon modifications.

  • #​12130 e96bcae Thanks @​thehansys! - Fixes a bug in the parsing of x-forwarded-\* Request headers, where multiple values assigned to those headers were not correctly parsed.

    Now, headers like x-forwarded-proto: https,http are correctly parsed.

  • #​12147 9db755a Thanks @​ascorbic! - Skips setting statusMessage header for HTTP/2 response

    HTTP/2 doesn't support status message, so setting this was logging a warning.

  • #​12151 bb6d37f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale wasn't incorrectly computed when the defaultLocale belonged to a custom locale path.

  • Updated dependencies [710a1a1]:

v4.15.12

Compare Source

Patch Changes

v4.15.11

Compare Source

Patch Changes

  • #​12097 11d447f Thanks @​ascorbic! - Fixes error where references in content layer schemas sometimes incorrectly report as missing

  • #​12108 918953b Thanks @​lameuler! - Fixes a bug where data URL images were not correctly handled. The bug resulted in an ENAMETOOLONG error.

  • #​12105 42037f3 Thanks @​ascorbic! - Returns custom statusText that has been set in a Response

  • #​12109 ea22558 Thanks @​ematipico! - Fixes a regression that was introduced by an internal refactor of how the middleware is loaded by the Astro application. The regression was introduced by #​11550.

    When the edge middleware feature is opted in, Astro removes the middleware function from the SSR manifest, and this wasn't taken into account during the refactor.

  • #​12106 d3a74da Thanks @​ascorbic! - Handles case where an immutable Response object is returned from an endpoint

  • #​12090 d49a537 Thanks @​markjaquith! - Server islands: changes the server island HTML placeholder comment so that it is much less likely to get removed by HTML minifiers.

v4.15.10

Compare Source

Patch Changes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from cc84c6f to 1ece95c Compare December 2, 2024 08:34
@renovate renovate bot changed the title fix(deps): update dependency astro to v4.16.1 [security] fix(deps): update dependency astro to v4.16.1 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-astro-vulnerability branch December 8, 2024 18:38
@renovate renovate bot changed the title fix(deps): update dependency astro to v4.16.1 [security] - autoclosed fix(deps): update dependency astro to v4.16.1 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch 2 times, most recently from 1ece95c to a0af517 Compare December 9, 2024 00:17
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from a0af517 to c77e253 Compare December 18, 2024 16:30
@renovate renovate bot changed the title fix(deps): update dependency astro to v4.16.1 [security] fix(deps): update dependency astro to v4.16.17 [security] Dec 18, 2024
@renovate renovate bot changed the title fix(deps): update dependency astro to v4.16.17 [security] fix(deps): update dependency astro to v4.16.18 [security] Dec 19, 2024
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from c77e253 to 83aa190 Compare December 19, 2024 19:16
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch 2 times, most recently from 0b3b86b to 7caa3b9 Compare January 30, 2025 16:55
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 7caa3b9 to 4f8e8a9 Compare February 9, 2025 13:07
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 4f8e8a9 to 62c1bad Compare March 3, 2025 17:54
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch 3 times, most recently from 063102f to ac2d3e7 Compare March 17, 2025 18:27
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from ac2d3e7 to a8a54f2 Compare April 1, 2025 11:46
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from a8a54f2 to 7bfd210 Compare April 8, 2025 11:55
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 7bfd210 to a188a92 Compare April 24, 2025 09:07
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from a188a92 to 5a28310 Compare May 19, 2025 16:36
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 5a28310 to 0ae171a Compare May 28, 2025 08:30
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 0ae171a to 596762e Compare June 4, 2025 11:15
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 596762e to 7e60cd1 Compare June 22, 2025 14:44
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 7e60cd1 to f0961d6 Compare July 2, 2025 13:36
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from f0961d6 to c8b4a65 Compare August 3, 2025 08:48
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch 2 times, most recently from 393438b to d6384e9 Compare August 13, 2025 14:33
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from d6384e9 to 85aed90 Compare August 19, 2025 15:11
@renovate renovate bot force-pushed the renovate/npm-astro-vulnerability branch from 85aed90 to f08c6e4 Compare August 19, 2025 22:04
@renovate renovate bot changed the title fix(deps): update dependency astro to v4.16.18 [security] fix(deps): update dependency astro to v4.16.19 [security] Aug 19, 2025
@wkillerud wkillerud merged commit 60235a1 into main Aug 27, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wkillerud