What is CVE-2024-56159?

CVE-2024-56159 is a vulnerability in Withastro Astro, classified under CWE-219. Published 2024-12-19.

Is CVE-2024-56159 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Withastro Astro

CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap file…

EPSS: 0.108 (93.5th percentile) — read the EPSS interpretation.

Affected products

Withastro Astro — versions >= 5.0.0, < 5.0.8, < 4.16.18

Weakness classification (CWE)

CWE-219

Public proof-of-concept exploits

References

https://github.com/withastro/astro/security/advisories/GHSA-49w6-73cw-chjr (x_refsource_CONFIRM)
https://github.com/withastro/astro/issues/12703 (x_refsource_MISC)
https://github.com/getsentry/sentry-javascript/blob/develop/packages/astro/src/integration/index.ts#L50 (x_refsource_MISC)
https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-56159?: CVE-2024-56159 is a vulnerability in Withastro Astro, classified under CWE-219. Published 2024-12-19.
Is CVE-2024-56159 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.