5.1.1
3 years ago
2 days ago
Known vulnerabilities in the astro package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Storage of File with Sensitive Data Under Web Root due to the exposure of sourcemap files in publicly accessible directories during the build process. An attacker can access and reconstruct server-side source code by making unauthorized HTTP GET requests to the server hosting the website. Note: This is only exploitable if sourcemaps are enabled. How to fix Storage of File with Sensitive Data Under Web Root? Upgrade | <4.16.18>=5.0.0-alpha.0 <5.0.8 |
astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the function How to fix Cross-site Request Forgery (CSRF)? Upgrade | <4.16.17 |