Summary
In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.
Details
On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images.
The /_image endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the image.domains or image.remotePatterns options).
However, a bug in impacted versions of astro allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. /_image?href=//example.com/image.png.
Proof of Concept
-
Create a new minimal Astro project ([email protected]).
-
Configure it to use the Node adapter (@astrojs/[email protected] — newer versions are not impacted):
// astro.config.mjs
import { defineConfig } from 'astro/config';
import node from '@astrojs/node';
export default defineConfig({
adapter: node({ mode: 'standalone' }),
});
-
Build the site by running astro build.
-
Run the server, e.g. with astro preview.
-
Append /_image?href=//placehold.co/600x400 to the preview URL, e.g. http://localhost:4321/_image?href=//placehold.co/600x400
-
The site will serve the image from the unauthorized placehold.co origin.
Impact
Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized image content.
In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.
HakuPiku Finder
GeneralZero Reporter
chriselbring-avalabs Reporter
ematipico Remediation developer
delucis Remediation verifier
Princesseuh Remediation reviewer
Summary
In affected versions of
astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.Details
On-demand rendered sites built with Astro include an
/_imageendpoint which returns optimized versions of images.The
/_imageendpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using theimage.domainsorimage.remotePatternsoptions).However, a bug in impacted versions of
astroallows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g./_image?href=//example.com/image.png.Proof of Concept
Create a new minimal Astro project (
[email protected]).Configure it to use the Node adapter (
@astrojs/[email protected]— newer versions are not impacted):Build the site by running
astro build.Run the server, e.g. with
astro preview.Append
/_image?href=//placehold.co/600x400to the preview URL, e.g. http://localhost:4321/_image?href=//placehold.co/600x400The site will serve the image from the unauthorized
placehold.coorigin.Impact
Allows a non-authorized third-party to create URLs on an impacted site’s origin that serve unauthorized image content.
In the case of SVG images, this could include the risk of cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.