@astrojs/node 9.5.5

Direct Vulnerabilities

Known vulnerabilities in the @astrojs/node package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Use of Web Browser Cache Containing Sensitive Information @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the `serve-static.ts` component. An attacker can cause legitimate users to receive persistent error responses for static assets by sending requests with malformed `if-match` headers, leading edge servers to cache error pages instead of the intended content. How to fix Use of Web Browser Cache Containing Sensitive Information? Upgrade `@astrojs/node` to version 10.0.5 or higher.	<10.0.5
H Allocation of Resources Without Limits or Throttling @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `/_server-islands/[name]` route handler, which buffers and parses the entire request body as JSON without enforcing a size limit. An attacker can cause the server process to exhaust available memory and crash by sending a single unauthenticated request with a crafted payload containing many small JSON objects, resulting in significant memory amplification. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `@astrojs/node` to version 10.0.0 or higher.	<10.0.0

Vulnerability

Vulnerable Version

Use of Web Browser Cache Containing Sensitive Information

@astrojs/node is a Deploy your site to a Node.js server

Affected versions of this package are vulnerable to Use of Web Browser Cache Containing Sensitive Information via the serve-static.ts component. An attacker can cause legitimate users to receive persistent error responses for static assets by sending requests with malformed if-match headers, leading edge servers to cache error pages instead of the intended content.

How to fix Use of Web Browser Cache Containing Sensitive Information?

Upgrade @astrojs/node to version 10.0.5 or higher.

<10.0.5

Allocation of Resources Without Limits or Throttling

@astrojs/node is a Deploy your site to a Node.js server

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the /_server-islands/[name] route handler, which buffers and parses the entire request body as JSON without enforcing a size limit. An attacker can cause the server process to exhaust available memory and crash by sending a single unauthenticated request with a crafted payload containing many small JSON objects, resulting in significant memory amplification.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade @astrojs/node to version 10.0.0 or higher.

<10.0.0

@astrojs/node@9.5.5

Deploy your site to a Node.js server

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically