Vulnerability-Lookup

CVE-2026-54300 (GCVE-0-2026-54300)

Vulnerability from cvelistv5 – Published: 2026-06-22 17:30 – Updated: 2026-06-23 14:08

Title

@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Summary

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/withastro/astro/security/advis…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
withastro	astro	Affected: < 7.0.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54300",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T14:08:19.830018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T14:08:54.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "astro",
          "vendor": "withastro",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro\u0027s canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T17:30:49.447Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38"
        }
      ],
      "source": {
        "advisory": "GHSA-529g-xq4f-cw38",
        "discovery": "UNKNOWN"
      },
      "title": "@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-54300",
    "datePublished": "2026-06-22T17:30:49.447Z",
    "dateReserved": "2026-06-12T17:46:37.294Z",
    "dateUpdated": "2026-06-23T14:08:54.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-54300",
      "date": "2026-06-29",
      "epss": "0.00187",
      "percentile": "0.08494"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-54300\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-22T19:17:21.400\",\"lastModified\":\"2026-06-23T15:44:39.343\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro\u0027s canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"withastro\",\"product\":\"astro\",\"versions\":[{\"version\":\"\u003c 7.0.13\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-23T14:08:19.830018Z\",\"id\":\"CVE-2026-54300\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-54300\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T14:08:19.830018Z\"}}}], \"references\": [{\"url\": \"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T14:08:47.305Z\"}}], \"cna\": {\"title\": \"@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config\", \"source\": {\"advisory\": \"GHSA-529g-xq4f-cw38\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"withastro\", \"product\": \"astro\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.0.13\"}]}], \"references\": [{\"url\": \"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38\", \"name\": \"https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro\u0027s canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix. This vulnerability is fixed in 7.0.13.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-22T17:30:49.447Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-54300\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-23T14:08:54.167Z\", \"dateReserved\": \"2026-06-12T17:46:37.294Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-22T17:30:49.447Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-529G-XQ4F-CW38

Vulnerability from github – Published: 2026-06-16 14:37 – Updated: 2026-06-16 14:37

Summary

@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Details

Summary

@astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as /ok/* is converted without end anchoring, so deeper paths match by prefix.

Technical details

The Netlify adapter generates regex strings for Netlify Image CDN from image.remotePatterns. For *.example.com, it emits ([a-z0-9-]+\\.)?example\\.com, which makes the subdomain optional. Astro's canonical helper requires exactly one subdomain and rejects the apex host.

For /ok/*, the adapter emits a segment regex but does not anchor the end of the URL. Netlify's Image CDN implementation treats images.remote_images entries as JavaScript regular expressions and calls .test(sourceImageUrl.href), so a URL such as /ok/a/b.svg matches the /ok/a prefix even though Astro's helper rejects it.

The latest npm package @astrojs/netlify@7.0.10 contains this conversion logic, and a minimal Astro build writes the broadened patterns into .netlify/v1/config.json.

Reproduction

Create an Astro app using astro@6.3.8 and @astrojs/netlify@7.0.10.
Configure Netlify output and a restrictive image pattern, for example remotePatterns: [{ protocol: 'http', hostname: '*.localhost', pathname: '/ok/*' }].
Build the app and observe that .netlify/v1/config.json contains http://([a-z0-9-]+\\.)?localhost(:[0-9]+)?(\\/ok/[^/?#]+)/?([?][^#]*)?.
Serve a canary SVG on 127.0.0.1:9001.
Request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa.svg&w=100. Astro's helper rejects the apex localhost for *.localhost, but Netlify Image CDN accepts it and fetches the canary.
As a negative control, request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fnope%2Fa.svg&w=100. This returns 403 Forbidden: Remote image URL not allowed and does not hit the canary.
Request /.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa%2Fb.svg&w=100. Astro's /ok/* helper rejects this deeper path, but Netlify Image CDN accepts it and fetches the canary.

Impact

Any Astro app deployed with @astrojs/netlify and a restrictive image.remotePatterns config can expose a wider image-fetch boundary than intended. Public requests to the Netlify Image CDN endpoint can fetch URLs that Astro's own matcher would reject, including apex hosts for *.host patterns and deeper paths for /path/* patterns. The practical impact depends on what the application intended to isolate behind the remote image allowlist, but it can disclose image-like resources from unintended hosts or paths behind the same configured remote origin family.

Remediation

Generate regexes that exactly match Astro's canonical matchHostname and matchPathname semantics, and anchor the full URL match before writing images.remote_images. In particular, *.example.com should require exactly one subdomain and should not match example.com, and /ok/* should match exactly one additional path segment and should not match /ok/a/b.

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@astrojs/netlify"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T14:37:33Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\n`@astrojs/netlify` converts Astro `image.remotePatterns` into Netlify Image CDN `images.remote_images` regular expressions with broader semantics than Astro\u0027s canonical matcher. A single wildcard hostname such as `*.example.com` is converted to an optional subdomain regex, so the apex host matches. A single wildcard pathname such as `/ok/*` is converted without end anchoring, so deeper paths match by prefix.\n\n## Technical details\n\nThe Netlify adapter generates regex strings for Netlify Image CDN from `image.remotePatterns`. For `*.example.com`, it emits `([a-z0-9-]+\\\\.)?example\\\\.com`, which makes the subdomain optional. Astro\u0027s canonical helper requires exactly one subdomain and rejects the apex host.\n\nFor `/ok/*`, the adapter emits a segment regex but does not anchor the end of the URL. Netlify\u0027s Image CDN implementation treats `images.remote_images` entries as JavaScript regular expressions and calls `.test(sourceImageUrl.href)`, so a URL such as `/ok/a/b.svg` matches the `/ok/a` prefix even though Astro\u0027s helper rejects it.\n\nThe latest npm package `@astrojs/netlify@7.0.10` contains this conversion logic, and a minimal Astro build writes the broadened patterns into `.netlify/v1/config.json`.\n\n## Reproduction\n\n1. Create an Astro app using `astro@6.3.8` and `@astrojs/netlify@7.0.10`.\n2. Configure Netlify output and a restrictive image pattern, for example `remotePatterns: [{ protocol: \u0027http\u0027, hostname: \u0027*.localhost\u0027, pathname: \u0027/ok/*\u0027 }]`.\n3. Build the app and observe that `.netlify/v1/config.json` contains `http://([a-z0-9-]+\\\\.)?localhost(:[0-9]+)?(\\\\/ok/[^/?#]+)/?([?][^#]*)?`.\n4. Serve a canary SVG on `127.0.0.1:9001`.\n5. Request `/.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa.svg\u0026w=100`. Astro\u0027s helper rejects the apex `localhost` for `*.localhost`, but Netlify Image CDN accepts it and fetches the canary.\n6. As a negative control, request `/.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fnope%2Fa.svg\u0026w=100`. This returns `403 Forbidden: Remote image URL not allowed` and does not hit the canary.\n7. Request `/.netlify/images?url=http%3A%2F%2Flocalhost%3A9001%2Fok%2Fa%2Fb.svg\u0026w=100`. Astro\u0027s `/ok/*` helper rejects this deeper path, but Netlify Image CDN accepts it and fetches the canary.\n\n## Impact\n\nAny Astro app deployed with `@astrojs/netlify` and a restrictive `image.remotePatterns` config can expose a wider image-fetch boundary than intended. Public requests to the Netlify Image CDN endpoint can fetch URLs that Astro\u0027s own matcher would reject, including apex hosts for `*.host` patterns and deeper paths for `/path/*` patterns. The practical impact depends on what the application intended to isolate behind the remote image allowlist, but it can disclose image-like resources from unintended hosts or paths behind the same configured remote origin family.\n\n## Remediation\n\nGenerate regexes that exactly match Astro\u0027s canonical `matchHostname` and `matchPathname` semantics, and anchor the full URL match before writing `images.remote_images`. In particular, `*.example.com` should require exactly one subdomain and should not match `example.com`, and `/ok/*` should match exactly one additional path segment and should not match `/ok/a/b`.",
  "id": "GHSA-529g-xq4f-cw38",
  "modified": "2026-06-16T14:37:33Z",
  "published": "2026-06-16T14:37:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-529g-xq4f-cw38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withastro/astro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-54300 (GCVE-0-2026-54300)

GHSA-529G-XQ4F-CW38

Summary

Technical details

Reproduction

Impact

Remediation

Tags

Sightings

Nomenclature