CVERadar

CVE-2024-56140

Medium Severity
SVRS
30/100

CVSSv3
NA/10

EPSS
0.00037/1

CVE-2024-56140 affects the Astro web framework and allows its CSRF (Cross-Site Request Forgery) checks to be bypassed. The vulnerability is a flaw in Astro's CSRF-protection middleware when the security.checkOrigin option is enabled. By exploiting the handling of the Content-Type header, attackers can craft requests that bypass CSRF protection: a semicolon-delimited parameter appended after the content type causes the browser to treat the request as a 'simple request', so no preflight validation takes place. Although the SVRS score of 30 indicates a lower immediate risk than critical vulnerabilities, the potential for exploitation remains. Users of Astro are advised to upgrade to version 4.16.17 to mitigate this risk. The flaw can lead to unauthorized actions performed on behalf of legitimate users.

In The Wild
2024-12-18

2024-12-18

SOCRadar AI Insight

Description

CVE-2024-56140 affects Astro, a web framework for content-driven websites. The vulnerability stems from a flaw in Astro's CSRF (Cross-Site Request Forgery) protection middleware, allowing attackers to bypass CSRF checks and potentially execute unauthorized actions on a user's behalf.

While the vulnerability has a CVSS score of 5.9, the SOCRadar Vulnerability Risk Score (SVRS) is 46, indicating a moderate risk requiring attention.

Key Insights

  • Bypass of CSRF Protection: The vulnerability allows attackers to bypass CSRF protection mechanisms by exploiting a flaw in the security.checkOrigin configuration option and manipulating the Content-Type header.
  • Wide Impact: This vulnerability could impact any website built using Astro, potentially exposing a large user base to CSRF attacks.
  • Exploitation Potential: Although no known exploits are publicly available, the vulnerability's nature makes it potentially exploitable for malicious purposes.
  • No Workarounds: Currently, there are no known workarounds to mitigate the vulnerability.

Mitigation Strategies

  • Upgrade Astro: Immediately upgrade to Astro version 4.16.17 or later, which addresses the vulnerability.
  • Implement Strong CSRF Protection: Consider implementing additional CSRF protection mechanisms on top of Astro's built-in features.
  • Review Configuration: Ensure that the security.checkOrigin configuration option is correctly set and that the Content-Type header is appropriately validated.
  • Security Monitoring: Implement robust security monitoring and logging to detect and respond to potential exploitation attempts.
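
The Content-Type handling described above and the "Review Configuration" item, as an added example that is not Astro's own middleware: a simplified model contrasting an exact-string Content-Type match (the weak pattern) with a check on the MIME essence; the request helper, the site origin and the set of simple content types are assumptions for illustration.

```javascript
// Added example, not Astro's own code: a simplified model of a CSRF-protection
// middleware that enforces an Origin check on "simple" cross-site form posts.
// It contrasts an exact-string Content-Type match (the weak pattern) with a
// check on the MIME essence, the form that survives ";"-delimited parameters.

// Content types a browser sends cross-site without a CORS preflight.
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Methods that change state and therefore need the Origin check.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Weak classifier: an exact comparison, so "text/plain; charset=utf-8" is not
// recognised as simple and the Origin check in checkCsrf() is skipped for it.
function isSimpleContentTypeWeak(contentType) {
  return SIMPLE_CONTENT_TYPES.has((contentType || "").trim().toLowerCase());
}

// Hardened classifier: compare only the MIME essence (type/subtype), which is
// how the Fetch specification decides whether a request is "simple".
function mimeEssence(contentType) {
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

function isSimpleContentType(contentType) {
  return SIMPLE_CONTENT_TYPES.has(mimeEssence(contentType));
}

// Returns true when the request may proceed and false when the middleware
// should answer 403. Non-simple requests are left to the browser's preflight;
// simple state-changing requests must carry an Origin equal to the site's own
// (a missing Origin header also fails the strict comparison).
function checkCsrf(request, siteOrigin, isSimple = isSimpleContentType) {
  if (!UNSAFE_METHODS.has(request.method)) return true;
  if (!isSimple(request.headers.get("content-type"))) return true;
  return request.headers.get("origin") === siteOrigin;
}

// Minimal request stand-in with a case-insensitive header lookup (constructed
// for this example; a real middleware receives a Fetch Request object).
function makeRequest(method, headers) {
  const map = new Map(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  return { method, headers: { get: (name) => map.get(name.toLowerCase()) ?? null } };
}
```

Passing isSimpleContentTypeWeak to checkCsrf reproduces the skipped check for a form post whose Content-Type carries a parameter; the default classifier rejects the same cross-site request.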

Additional Information

If you have further queries or concerns regarding this incident, please utilize the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for additional information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-56140 | withastro up to 4.16.16 security.checkOrigin cross-site request forgery (GHSA-c4pw-33h3-35xw)
vuldb.com, 2025-02-17
CVE-2024-56140 | withastro up to 4.16.16 security.checkOrigin cross-site request forgery (GHSA-c4pw-33h3-35xw) | A vulnerability classified as problematic has been found in withastro astro up to 4.16.16. This affects an unknown part. The manipulation of the argument security.checkOrigin leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-56140. It is possible to initiate the attack remotely

Social Media

CVE-2024-56140 CSRF Bypass Vulnerability in Astro Framework Pre-4.16.17 Versions Astro is a framework for building websites focused on content. In some versions, there is an issue where Astro's CSRF-protection do... https://t.co/Ks6KJMDAIQ
CVE-2024-56140 Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the… https://t.co/Dr5JRKquOO

Affected Software

No affected software found for this CVE

References

Reference links:

  • https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
  • https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts
  • https://github.com/withastro/astro/commit/e7d14c374b9d45e27089994a4eb72186d05514de
  • https://github.com/withastro/astro/security/advisories/GHSA-c4pw-33h3-35xw

CWE Details

CWE ID: CWE-352
CWE Name: Cross-Site Request Forgery (CSRF)
Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
