Astro
CVE-2023-50249
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0.
AnalysisAI
Sentry-Javascript is official Sentry SDKs for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. Affected products include: Sentry Astro. Version information: version 7.87.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerabi
Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exp
Astro is a web framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.9), this vulnerability is remotely e
Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticatio
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely e
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c
Authorization bypass in the Astro web framework version 6.4.7 lets remote unauthenticated attackers reach protected rout
The @astrojs/vercel serverless adapter in Astro versions prior to 10.0.2 contains an unauthenticated path traversal vuln
Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.5), this vulnerability is remotely e
Astro web framework versions prior to 10.0.0 contain an unbounded JSON parsing vulnerability in the Server Islands POST
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to ver
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today