CVE-2025-59837 | withastro up to 5.13.9 href server-side request forgery (GHSA-qcpr-679q-rhm2)

Inserito da Angelo Barbosa | Ott 28, 2025 | CVE

A vulnerability has been found in withastro astro up to 5.13.9 and classified as critical. The affected element is an unknown function. The manipulation of the argument href leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2025-59837. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.

CVE-2025-59837 | withastro up to 5.13.9 href server-side request forgery (GHSA-qcpr-679q-rhm2)

Post correlati

CVE-2024-29831 | Apache DolphinScheduler up to 3.2.1 code injection

CVE-2024-43658 | Iocharger 24120701 path traversal (DIVD-2024-00035)

CVE-2024-11658 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 ajax_getChannelList countryCode command injection

CVE-2020-24102 | Punkbuster pbsv.d64 2.351 path traversal