Generalzero

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.13.2 Astro versions prior to 4.16.18 Description: Astro is a web framework for content-driven websites. The image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. The `/ image` endpoint, which returns optimized versions of images, is affected. An attacker can bypass third-party domain restrictions by using a protocol-relative URL as the image source, such as `/ image?href=//example.com/image.png`. Recommendations: Update to Astro version 5.13.2 or later. Update to Astro version 4.16.18 or later.