GHSA-xf8x-j4p2-f749
Astro allows unauthorized third-party images in _image endpoint
### Summary
In affected versions of `astro`, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.
### Details
On-demand rendered sites built with Astro include an `/_image` endpoint which returns optimized versions of images.
The `/_image` endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domains`](https://docs.astro.build/en/reference/configuration-reference/#imagedomains) or [`image.remotePatterns`](https://docs.astro.build/en/reference/configuration-reference/#imageremotepatterns) options).
However, a bug in impacted versions of `astro` allows an attacker to bypass the third-party domain restrictions by using a protocol-relative URL as the image source, e.g. `/_image?href=//example.com/image.png`.
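As an added illustration (not Astro's own code) of why a protocol-relative `href` slips past the domain restriction, the following contrasts a naive prefix-based check with one that lets the URL parser resolve the value against the site origin; the allowlist entry and site origin are assumed values.

```javascript
// Added illustration, not Astro's own code: a naive "starts with '/'" check
// treats the protocol-relative "//placehold.co/600x400" as a local path, while a
// parser-based check resolves it against the site origin and applies the allowlist.

// Assumed allowlist, standing in for configured image.domains entries.
const ALLOWED_DOMAINS = ['images.example.org'];
// Assumed origin of the deployed site.
const SITE_ORIGIN = 'http://localhost:4321';

// Flawed check: anything beginning with "/" is assumed to be a bundled asset.
function isAllowedNaive(href, allowedDomains = ALLOWED_DOMAINS) {
  if (href.startsWith('/')) return true; // bug: "//host/path" also starts with "/"
  try {
    return allowedDomains.includes(new URL(href).hostname);
  } catch {
    return false; // neither an absolute URL nor a "/" path
  }
}

// Hardened check: let the URL parser decide what the href points at, then
// accept only same-origin assets or allowlisted remote hosts over http(s).
function isAllowedResolved(href, siteOrigin = SITE_ORIGIN, allowedDomains = ALLOWED_DOMAINS) {
  let url;
  try {
    url = new URL(href, siteOrigin); // "//host/path" resolves to siteOrigin's scheme + that host
  } catch {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false; // rejects data:, file:, ...
  if (url.origin === new URL(siteOrigin).origin) return true; // bundled asset such as "/assets/hero.png"
  return allowedDomains.includes(url.hostname); // remote: must be explicitly allowlisted
}

console.log(isAllowedNaive('//placehold.co/600x400'));    // true: the bypass
console.log(isAllowedResolved('//placehold.co/600x400')); // false
```

The parser-based check also catches the backslash variant `\\host\path`, which the WHATWG URL parser treats like `//host/path` for http(s) bases.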
### Proof of Concept
1. Create a new minimal Astro project (`astro@5.13.0`).
2. Configure it to use the Node adapter (`@astrojs/node@9.1.0` — newer versions are not impacted):
```js
// astro.config.mjs
import { defineConfig } from 'astro/config';
import node from '@astrojs/node';

export default defineConfig({
  adapter: node({ mode: 'standalone' }),
});
```
3. Build the site by running `astro build`.
4. Run the server, e.g. with `astro preview`.
5. Append `/_image?href=//placehold.co/600x400` to the preview URL, e.g. <http://localhost:4321/_image?href=//placehold.co/600x400>
6. The site will serve the image from the unauthorized `placehold.co` origin.
### Impact
Allows a non-authorized third party to create URLs on an impacted site’s origin that serve unauthorized image content. For SVG images, this could include cross-site scripting (XSS) if a user followed a link to a maliciously crafted SVG.