CVE-2024-56140

{"id": "CVE-2024-56140", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-12-18T21:15:08.353", "references": [{"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests", "tags": ["Technical Description"], "source": "[email protected]"}, {"url": "https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/withastro/astro/commit/e7d14c374b9d45e27089994a4eb72186d05514de", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Astro is a web framework for content-driven websites. In affected versions a bug in Astro\u2019s CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Astro es un framework para sitios web basados en contenido. En las versiones afectadas, un error en el middleware de protecci\u00f3n CSRF de Astro permite que las solicitudes eludan las comprobaciones CSRF. Cuando la opci\u00f3n de configuraci\u00f3n `security.checkOrigin` se establece en `true`, el middleware Astro realizar\u00e1 una comprobaci\u00f3n CSRF. Sin embargo, existe una vulnerabilidad que puede eludir esta seguridad. Se permite un par\u00e1metro delimitado por punto y coma despu\u00e9s del tipo en `Content-Type`. Los navegadores web tratar\u00e1n un `Content-Type` como `application/x-www-form-urlencoded; abc` como una `solicitud simple` y no realizar\u00e1n una validaci\u00f3n previa. En este caso, CSRF no se bloquea como se esperaba. Adem\u00e1s, el encabezado `Content-Type` no es necesario para una solicitud. Este problema se ha solucionado en la versi\u00f3n 4.16.17 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad."}], "lastModified": "2025-11-25T13:42:59.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "EC2DFB09-8B1E-4AA4-AADA-D16A2D4423C4", "versionEndExcluding": "4.16.17"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}