Astro Path Normalization Vulnerability Allowing Middleware Bypass
Vulnerability
A vulnerability in Astro prior to version 5.15.8 allows middleware validation checks on request paths to be bypassed. Astro normalizes request paths with decodeURI() before routing, but middleware reads the path without that normalization. Because the two see different strings, an encoded variant of a protected route such as '/admin' can reach the route while evading the authentication check. The issue has been addressed in version 5.15.8.
Impact
Exploitation of this vulnerability can lead to unauthorized access to protected routes by bypassing middleware validation checks.
Reproduction
To reproduce this vulnerability, send a request to a protected route, such as '/admin', using an encoded path variant that bypasses the middleware's validation. The middleware will read the raw, unnormalized path, allowing access to the route without proper authentication.
Remediation
Users are advised to update to Astro version 5.15.8 or later, and ensure that middleware validation checks are applied to the same normalized pathname that Astro uses for routing.
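The mismatch and the remediated check side by side, as an added example that is not Astro's own code: it assumes a generic middleware-style function with a hypothetical PROTECTED_PREFIX, and uses decodeURI() to mirror the routing normalization the advisory describes.

```javascript
// Added example (not Astro's code). A prefix check for a protected route, run once on
// the raw pathname (the vulnerable pattern) and once on the pathname normalized the
// same way the advisory says routing normalizes it (decodeURI()).

const PROTECTED_PREFIX = "/admin"; // hypothetical protected route prefix

// Normalize like routing does. decodeURI() throws on malformed percent-encoding;
// return null in that case so the caller can fail closed.
function normalizePath(pathname) {
  try {
    return decodeURI(pathname);
  } catch {
    return null; // malformed percent-encoding
  }
}

// Vulnerable pattern: the check runs on the raw, unnormalized path, so an encoded
// variant of the protected route is not recognized even though routing will serve it.
function isProtectedRaw(pathname) {
  return pathname.startsWith(PROTECTED_PREFIX);
}

// Hardened pattern: the check runs on the same normalized path that routing uses.
// A path that fails to decode is treated as protected (fail closed).
function isProtectedNormalized(pathname) {
  const normalized = normalizePath(pathname);
  if (normalized === null) return true;
  return normalized.startsWith(PROTECTED_PREFIX);
}

// Constructed request paths: the plain protected route, a variant with one character
// percent-encoded, and an unrelated public route.
const SAMPLE_PATHS = ["/admin", "/%61dmin", "/public"];

// Evaluate both checks over the sample paths; rows where raw and normalized disagree
// are exactly the requests the vulnerable middleware would let through.
function compareChecks(paths = SAMPLE_PATHS) {
  return paths.map((p) => ({
    path: p,
    raw: isProtectedRaw(p),
    normalized: isProtectedNormalized(p),
    bypass: isProtectedNormalized(p) && !isProtectedRaw(p),
  }));
}
```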