CVE-2024-56159: Astro's server source code is exposed to the public if sourcemaps are enabled
A bug in the build process allows any unauthenticated user to read parts of the server source code.
References
- github.com/advisories/GHSA-49w6-73cw-chjr
- github.com/withastro/astro
- github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts
- github.com/withastro/astro/commit/039d022b1bbaacf9ea83071d27affc5318e0e515
- github.com/withastro/astro/commit/c879f501ff01b1a3c577de776a1f7100d78f8dd5
- github.com/withastro/astro/issues/12703
- github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr
- nvd.nist.gov/vuln/detail/CVE-2024-56159
Detect and mitigate CVE-2024-56159 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →