
CVE-2026-27829: CWE-918: Server-Side Request Forgery (SSRF) in withastro astro

Severity: Medium
Published: Thu Feb 26 2026 (02/26/2026, 00:36:40 UTC)
Source: CVE Database V5
Vendor/Project: withastro
Product: astro

Description

CVE-2026-27829 is a Server-Side Request Forgery (SSRF) vulnerability in the Astro web framework versions 9.0.0 through 9.5.3. The issue arises from the image pipeline's `inferSize` option, which fetches remote images at render time without validating the domain against configured restrictions (`image.domains` or `image.remotePatterns`). This allows attackers who can influence image URLs to make the server request arbitrary internal or external hosts, bypassing intended domain restrictions. Exploitation can lead to unauthorized internal network access or cloud metadata endpoint exposure.

AI-Powered Analysis

Last updated: 02/26/2026, 01:13:36 UTC

Technical Analysis

Astro's image pipeline can fetch a remote image while a page is rendered when the `inferSize` option is set, so that `width` and `height` need not be supplied by hand. Normally a remote fetch is only allowed for hosts the developer has authorised in the `image.domains` or `image.remotePatterns` settings of the Astro config. In versions 9.0.0 through 9.5.3 the `inferSize` fetch skipped that check, so the server requests whatever host the image URL names.

That is a Server-Side Request Forgery (CWE-918). An attacker who can influence an image URL that reaches an `inferSize` fetch, typically through CMS content, user-supplied avatars or post images, or any other field rendered through the image pipeline, can make the server issue HTTP requests to hosts it should never contact: internal services on the same network, cloud provider metadata endpoints such as 169.254.169.254, loopback and link-local addresses. The request originates wherever rendering happens, on the SSR server at request time or on the build host for prerendered pages, so build infrastructure is exposed as well. No authentication or user interaction is required beyond whatever access the attacker already has to the image URL. The exposure is limited to sites on an affected version that use `inferSize` on remote images whose URLs an untrusted party can influence; a site that only passes hard-coded remote URLs to `inferSize` is not exploitable through this path, though it should still upgrade.

The CVSS 3.1 base score is 6.5 (Medium), with network attack vector, low attack complexity, no privileges required, no user interaction, and impact on integrity and availability but not confidentiality. A vector without a confidentiality component does not capture the usual practical outcome of SSRF against a metadata endpoint, which is credential disclosure, so treat the score as a floor and judge the real risk by what the render host can reach on its network. The issue was addressed in Astro 9.5.4, which applies the configured domain validation to `inferSize` fetches. No public exploit has been reported.
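The check that the unpatched `inferSize` path skipped, as an added example that is not Astro's own code: a model of the allowlist that `image.domains` and `image.remotePatterns` express, the unguarded fetch shape the advisory describes beside the guarded shape the fix restores, and a recording fetcher so both can be compared offline. The config, the URLs and the recording fetcher are constructed for this example; the wildcard semantics follow Astro's documented rules (`*.` one extra label, `**.` one or more, `/dir/**` anything below `/dir/`) but are an assumption here, not a copy of Astro's matcher.

```javascript
// Added example, not Astro's own code. It models the remote-image allowlist
// that image.domains / image.remotePatterns express, the unguarded fetch path
// the advisory describes, and the guarded path that 9.5.4 restores.
// Wildcard semantics follow Astro's documented rules and are an assumption here:
//   "*.example.com"  matches exactly one extra label (a.example.com)
//   "**.example.com" matches one or more extra labels (a.b.example.com)
//   pathname "/dir/**" matches anything below /dir/, "/dir/*" a single segment.

// Constructed config, shaped like the `image` block of astro.config.mjs.
const imageConfig = {
  domains: ["cdn.example.com"],
  remotePatterns: [
    { protocol: "https", hostname: "**.amazonaws.com", pathname: "/assets/**" },
  ],
};

function hostnameMatches(pattern, hostname) {
  if (!pattern) return true;
  if (pattern.startsWith("**.")) {
    return hostname.endsWith(pattern.slice(2)); // keeps the leading dot: ".amazonaws.com"
  }
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1);           // ".example.com"
    if (!hostname.endsWith(suffix)) return false;
    const extra = hostname.slice(0, -suffix.length);
    return extra.length > 0 && !extra.includes(".");
  }
  return pattern === hostname;
}

function pathnameMatches(pattern, pathname) {
  if (!pattern) return true;
  if (pattern.endsWith("/**")) return pathname.startsWith(pattern.slice(0, -2));
  if (pattern.endsWith("/*")) {
    const prefix = pattern.slice(0, -1);
    return pathname.startsWith(prefix) && !pathname.slice(prefix.length).includes("/");
  }
  return pattern === pathname;
}

// The check the fix applies before any render-time fetch. Parsing with URL
// also normalises tricks such as "http://2852039166/" (decimal form of
// 169.254.169.254) and "/assets/../latest" before the comparison.
function isAllowedRemoteImage(rawUrl, config) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  if (config.domains.includes(url.hostname)) return true;
  return config.remotePatterns.some(
    (p) =>
      (!p.protocol || `${p.protocol}:` === url.protocol) &&
      (p.port === undefined || p.port === url.port) &&
      hostnameMatches(p.hostname, url.hostname) &&
      pathnameMatches(p.pathname, url.pathname),
  );
}

// Stand-in for the network fetch: records requested URLs instead of
// performing I/O, so the two code paths can be compared offline.
function makeRecordingFetch() {
  const requested = [];
  return { requested, fetch: (u) => { requested.push(u); return { width: 1, height: 1 }; } };
}

// Vulnerable shape (9.0.0 to 9.5.3): the inferSize path fetches whatever it is given.
function inferSizeUnchecked(rawUrl, fetcher) {
  return fetcher.fetch(rawUrl);
}

// Fixed shape (9.5.4): refuse anything outside the configured allowlist.
function inferSizeChecked(rawUrl, config, fetcher) {
  if (!isAllowedRemoteImage(rawUrl, config)) {
    throw new Error(`remote image host not allowed: ${rawUrl}`);
  }
  return fetcher.fetch(rawUrl);
}

function demo() {
  const attackerUrl = "http://169.254.169.254/latest/meta-data/iam/security-credentials/";
  const vulnerable = makeRecordingFetch();
  inferSizeUnchecked(attackerUrl, vulnerable);
  const hardened = makeRecordingFetch();
  let refused = false;
  try {
    inferSizeChecked(attackerUrl, imageConfig, hardened);
  } catch {
    refused = true;
  }
  return { unchecked: vulnerable.requested, checked: hardened.requested, refused };
}

console.log(demo());
```

Note that the check is made on the parsed URL, not the raw string: a raw-string comparison would let `http://2852039166/`, `..` segments or a `cdn.example.com.evil.test` suffix through. The allowlist still only constrains the hostname in the URL, not the address the host resolves to, which is why the mitigation section pairs it with egress controls.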

Potential Impact

The direct impact is that a vulnerable render host can be made to issue HTTP requests to a destination chosen by whoever controls the image URL. In a cloud deployment the most valuable destination is the instance metadata service: where that service answers plain GET requests, an attacker can read instance credentials and use them against the cloud account. Internal services that trust the render host's network position, such as admin interfaces, caches, key-value stores and orchestration APIs, are reachable the same way, and any of them with state-changing GET endpoints can be triggered. Because the fetch is made to determine image dimensions, what a normal render surfaces is the inferred width and height or a render error rather than the response body; treat the flaw as at least a blind SSRF with full control over the destination, and as a disclosure channel wherever dimensions, timing or error text are echoed back to the attacker. Availability suffers if the server is pointed at slow or very large responses, or at many URLs, during rendering. Organisations running Astro 9.0.0 through 9.5.3 with `inferSize` on remote images are at risk where user input or CMS content can influence those URLs; given Astro's popularity, that covers many corporate, governmental and cloud-hosted sites. No exploitation has been reported, but the upgrade should be prioritised for cloud-hosted and SSR deployments, where the metadata and internal-network paths are what make a Medium-scored SSRF consequential.

Mitigation Recommendations

Upgrade to Astro 9.5.4 or later, where the configured domain validation is applied to `inferSize` fetches. Until the upgrade lands, stop using `inferSize` on remote images and pass explicit `width` and `height` instead, so no render-time fetch occurs; audit templates and CMS integrations for any `<Image>` or `getImage()` call whose `src` comes from content an outside party can edit, and keep `image.domains` and `image.remotePatterns` as tight as the site allows, since after the fix those lists are what the check enforces.

An allowlist is checked against the hostname in the URL, not the address the server actually connects to, so pair it with network controls: egress filtering on the render host (and on build agents for prerendered sites) that denies RFC 1918 ranges, loopback and 169.254.0.0/16 except for destinations the application genuinely needs, and metadata-service hardening where the platform offers it (AWS IMDSv2 with tokens required, GCP's `Metadata-Flavor: Google` header, Azure's `Metadata: true` header). The attacker controls only the URL of an image download, not its request headers, so a metadata service that refuses headerless GETs blunts the credential-theft path even on an unpatched instance.

A WAF in front of the site sees only requests to the site; when the image URL arrives through a CMS or an API, the WAF never sees it, so treat WAF SSRF signatures as supplementary. Log outbound requests from the render process, or at an egress proxy, and alert on destinations in the ranges above. Include the image pipeline and any other render-time fetch in SSRF-focused code review and penetration testing.
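The detection step above, as an added example that is not part of the advisory or of Astro: a triage pass over outbound-request log lines from a render host that flags destinations in the loopback, private and link-local ranges and on cloud metadata hostnames. The log format, the sample lines and the hostname list are constructed for this example; the URL parser does the normalisation, so the decimal-IP line is reported as 169.254.169.254.

```javascript
// Added example, not from the advisory or from Astro: triage of outbound
// request logs from an SSR host for SSRF indicators. The log format and the
// sample lines are constructed for this example; adapt LINE_RE to the
// format your egress proxy or fetch instrumentation actually emits.

const SAMPLE_EGRESS_LOG = [
  "2026-02-26T00:40:12Z GET https://cdn.example.com/hero.jpg status=200",
  "2026-02-26T00:40:13Z GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ status=200",
  "2026-02-26T00:40:14Z GET http://2852039166/latest/meta-data/ status=200",
  "2026-02-26T00:40:15Z GET http://metadata.google.internal/computeMetadata/v1/ status=403",
  "2026-02-26T00:40:16Z GET http://10.0.3.7:8500/v1/kv/ status=200",
  "2026-02-26T00:40:17Z GET http://127.0.0.1:6379/ status=000",
  "2026-02-26T00:40:18Z GET https://media.example.org/photo.jpg status=200",
  "2026-02-26T00:40:19Z renderer restarted",
];

const LINE_RE = /^(\S+) (GET|POST|HEAD) (\S+) status=(\d{3})$/;

// Names the GCP metadata service answers on without an IP literal.
const METADATA_HOSTNAMES = new Set(["metadata.google.internal", "metadata"]);

function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((n) => n <= 255) ? octets : null;
}

// "[::ffff:a9fe:a9fe]" (how the URL parser serialises ::ffff:169.254.169.254)
// back to dotted form so the IPv4 rules apply.
function ipv4FromMappedV6(host) {
  const m = /^\[::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})\]$/i.exec(host);
  if (!m) return null;
  const hi = parseInt(m[1], 16);
  const lo = parseInt(m[2], 16);
  return [hi >> 8, hi & 255, lo >> 8, lo & 255].join(".");
}

function classifyHost(hostname) {
  if (METADATA_HOSTNAMES.has(hostname)) return "cloud-metadata";
  if (hostname === "localhost" || hostname === "[::1]") return "loopback";
  const octets = parseIPv4(ipv4FromMappedV6(hostname) ?? hostname);
  if (!octets) return "public";
  const [a, b] = octets;
  if (a === 169 && b === 254) return "cloud-metadata"; // link-local, includes 169.254.169.254
  if (a === 127 || a === 0) return "loopback";        // 0.0.0.0 reaches local services on Linux
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return "private";
  return "public";
}

// Returns the non-public destinations. Lines that do not match LINE_RE or
// carry an unparsable URL are skipped.
function triageEgressLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue;
    const [, ts, method, rawUrl, status] = m;
    let url;
    try {
      url = new URL(rawUrl);
    } catch {
      continue;
    }
    const cls = classifyHost(url.hostname);
    if (cls === "public") continue;
    findings.push({ ts, method, host: url.hostname, url: url.href, cls, status: Number(status) });
  }
  return findings;
}

for (const f of triageEgressLog(SAMPLE_EGRESS_LOG)) {
  console.log(`${f.ts} ${f.cls.padEnd(14)} ${f.method} ${f.url} status=${f.status}`);
}
```

A 403 from the metadata service (the `metadata.google.internal` line) is still worth an alert: it shows the SSRF reached the endpoint and only the required header stopped it, which is exactly the behaviour the metadata-hardening recommendation relies on.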


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-24T02:32:39.800Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f9a40b7ef31ef0b7260e7

Added to database: 2/26/2026, 12:56:32 AM

Last enriched: 2/26/2026, 1:13:36 AM

Last updated: 2/26/2026, 5:57:50 AM

