Skip to main content

Astro CVE-2023-50249

HIGH
Uncontrolled Resource Consumption (CWE-400)
2023-12-20 security-advisories@github.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 20, 2023 - 14:15 nvd
HIGH 7.5

DescriptionNVD

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0.

AnalysisAI

Sentry-Javascript is official Sentry SDKs for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Technical ContextAI

This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading to denial of service (DoS). This vulnerability has been patched in sentry/astro version 7.87.0. Affected products include: Sentry Astro. Version information: version 7.87.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.

More in Astro

View all
CVE-2018-7180 CRITICAL POC
9.8 Feb 17

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla!. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2024-56159 HIGH POC
7.8 Dec 19

Astro is a web framework for content-driven websites. Rated high severity (CVSS 7.8), this vulnerability is remotely exp

CVE-2025-64764 HIGH POC
7.1 Nov 19

Astro is a web framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication

CVE-2025-55303 MEDIUM POC
6.9 Aug 19

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.9), this vulnerability is remotely e

CVE-2025-64525 MEDIUM POC
6.5 Nov 13

Astro is a web framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authenticatio

CVE-2025-54793 MEDIUM POC
5.5 Aug 08

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 5.5), this vulnerability is remotely e

CVE-2026-41248 CRITICAL
9.1 Apr 24

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @c

CVE-2026-59731 HIGH
8.2 Jul 08

Authorization bypass in the Astro web framework version 6.4.7 lets remote unauthenticated attackers reach protected rout

CVE-2026-33768 MEDIUM
6.5 Mar 24

The @astrojs/vercel serverless adapter in Astro versions prior to 10.0.2 contains an unauthenticated path traversal vuln

CVE-2024-56140 MEDIUM
6.5 Dec 18

Astro is a web framework for content-driven websites. Rated medium severity (CVSS 6.5), this vulnerability is remotely e

CVE-2026-29772 MEDIUM
5.9 Mar 24

Astro web framework versions prior to 10.0.0 contain an unbounded JSON parsing vulnerability in the Server Islands POST

CVE-2024-47885 MEDIUM
5.4 Oct 14

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to ver

Share

CVE-2023-50249 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy