Ghostdevv

**Name of the Vulnerable Software and Affected Versions** Astro versions 11.0.3 through 12.6.5 **Description** Astro, a web framework for content-driven websites, is susceptible to a Server-Side Request Forgery (SSRF) issue when utilizing the Cloudflare adapter. When configured with `output: 'server'` and the default `imageService: 'compile'`, the generated image optimization endpoint fails to validate the received URLs, potentially allowing content from unauthorized third-party domains to be served. This flaw stems from a bug in the @astrojs/cloudflare adapter, enabling attackers to circumvent third-party domain restrictions and serve content from the vulnerable origin. **Recommendations** Update to Astro version 12.6.6 or later.