CVE-2025-59837 Analysis: How I Bypassed an Astro Security Patch

"<!DOCTYPE html>\n<html>\n <head>\n <title>Sign in ・ Cloudflare Access</title>\n \n <meta charset=\"utf-8\" />\n <meta name=\"robots\" content=\"noindex\" />\n <meta name=\"viewport\" content=\"initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width\" />\n <link rel=\"icon\" type=\"image/svg+xml\" href=\"data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 62 50'%3E %3Cstyle%3E path %7B fill: url(%23gradient-light); %7D @media (prefers-color-scheme: dark) %7B path %7B fill: url(%23gradient-dark); %7D %7D %3C/style%3E %3Cdefs%3E %3ClinearGradient id='gradient-light' x1='30.7' y1='0' x2='30.7' y2='49.8' gradientUnits='userSpaceOnUse'%3E %3Cstop stop-color='%23332CB3'/%3E %3Cstop offset='1' stop-color='%23456FDD'/%3E %3C/linearGradient%3E %3ClinearGradient id='gradient-dark' x1='30.7' y1='0' x2='30.7' y2='49.8' gradientUnits='userSpaceOnUse'%3E %3Cstop stop-color='%23FFFFFF'/%3E %3Cstop offset='1' stop-color='%23E0E0E0'/%3E %3C/linearGradient%3E %3C/defs%3E %3Cpath d='M21.3 15.6h-7.8C17.2 6.4 26.1 0 36.6 0c13.7 0 24.9 11.1 24.9 24.9 0 13.7-11.1 24.9-24.9 24.9-10.4 0-19.4-6.4-23.1-15.6h7.8c3.1 5.1 8.8 8.6 15.3 8.6 9.9 0 17.9-8 17.9-17.9 0-9.9-8-17.9-17.9-17.9-6.5 0-12.1 3.4-15.3 8.6zm-12 14l-3.1-3.1h36.7c1.4 0 2.1 1.7 1.1 2.7l-6.2 6.2-2.2-2.2 3.6-3.6H9.3zm23-12.9l2.2-2.2 6.2 6.2c1 1 .3 2.7-1.1 2.7H3.1L0 20.2h35.9l-3.6-3.5z'/%3E %3C/svg%3E \" />\n <article id=\"data\"\n data-auto-redirect-to-identity=\"false\"\n data-auto-redirect-url=\"\"\n data-message=\"\">\n </article>\n <style>*{-webkit-box-sizing:inherit;box-sizing:inherit}body,html{min-height:100vh}html{background:#f7f7f8;text-align:center;text-rendering:optimizeLegibility;font-family:-apple-system,BlinkMacSystemFont,\"Segoe UI\",Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\",\"Segoe UI Symbol\";line-height:1.5;word-wrap:break-word;-webkit-box-sizing:border-box;box-sizing:border-box;background:#003d7b;color:#4f566b}body{margin:0;padding:32px 8px}.Button.Button-is-auth .Button-auth-service-icon,.Content{-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center}.Content,body{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.Content{margin:32px;-webkit-box-flex:1;-ms-flex-positive:1;flex-grow:1}@media screen and (max-width:768px){.Content{padding:0;margin:32px 0}}.AuthBox{max-width:100%;background:#fff;border:1px solid #eaebeb;-webkit-box-shadow:0 4px 8px rgba(146,151,155,.15);box-shadow:0 4px 8px rgba(146,151,155,.15);padding-top:2em;width:36em}.base_AccessLogo{margin-bottom:1em}.base_TeamsLogo{padding-top:1em;padding-bottom:2em}@media only screen and (max-width:420px) and (pointer:coarse){.base_AccessLogo{margin-top:1em}.base_TeamsLogo{padding:1em 0}}.Content{margin-top:8px}.AuthBox{border-radius:5px;margin-top:0;margin-bottom:0}.AuthBox .AuthBox-error-box-footer{border-radius:5px 0 .5em .5em;background:rgba(0,0,0,.03);border-top:1px solid rgba(0,0,0,.15)}.AuthBox .AuthBoxRow--name{font-size:15px;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block}.AuthBox-RequestCode{border-bottom-left-radius:5px;border-bottom-right-radius:5px;padding-bottom:2.5em}.AuthBox-RequestCode__idpsExist{background:#f7f7f8}.AuthBox-error-box-footer{border:0;border-radius:5px;margin-bottom:2rem}.ErrorBlock,.ErrorBlock-icon{display:-webkit-box;display:-ms-flexbox;display:flex}.ErrorBlock-icon{width:2.25em;height:2.25em;margin-right:1.25em}.ErrorBlock-icon>svg{display:block;height:100%;width:100%}.ErrorBlock-body{-webkit-box-flex:1;-ms-flex:1;flex:1}.ErrorBlock-header-text{font-size:1.4em;margin-bottom:.5em}.JSONBlock{display:block;font-size:.9em;margin:0;padding:1.5em;font-family:Monaco,\"Bitstream Vera Sans Mono\",\"Lucida Console\",Terminal,monospace;overflow-x:scroll;-webkit-overflow-scrolling:touch;color:rgba(0,0,0,.6)}.AuthBox-text{color:#4a4a4a;font-size:1.25em;font-weight:600;padding-top:1em;margin-bottom:24px}.AuthServiceLogin .AuthServiceLogin-row{padding-bottom:1em}.AuthFormLogin-row{text-align:left;margin:auto;max-width:22em;padding:1em 8px 0}.Footer-text,.Header-text{padding:3em 1em 1em;font-size:12px;line-height:18px}.Footer-text{padding:1em}.Footer-text span{white-space:pre-line}label{display:block;font-weight:600;margin-bottom:.5em}.Button{position:relative;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-appearance:none;-moz-appearance:none;appearance:none;display:inline-block;cursor:pointer;text-decoration:none;font:inherit;color:#fff;background:#333;padding:.5em 0;border:0;margin:0;border-radius:5px}.Button.Button-uses-org-theme-accent-color{background-color:#2c7cb0;padding:0 8px;width:100%}.Button:hover{-webkit-box-shadow:inset 0 0 0 999em rgba(255,255,255,.2);box-shadow:inset 0 0 0 999em rgba(255,255,255,.2)}.Button.Button-is-juicy{border-radius:5px;padding-top:.75em;padding-bottom:.75em;max-width:14em;font-weight:300}.Button.Button-is-block{display:block;margin:auto}.Button.Button-is-auth{background-color:#f7f7f8;border:1px solid #d5d7d8;color:inherit;text-align:left;min-height:55px;margin:0 3.5em;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-wrap:inherit;flex-wrap:inherit;padding-left:.5em}.Button.Button-is-auth .Button-auth-service-icon{width:2.8em;height:auto;padding:.5em;color:#1d1f20}.Button.Button-is-auth .Button-auth-service-icon>svg{fill:currentColor;display:block;min-width:25px;width:25px;height:25px}.Button.Button-uses-org-theme-accent-color{margin:0;max-width:unset}.AuthBox-messages{max-width:36em}.Button.Button-is-auth .Button-auth-service-icon,.Message,.RayID{display:-webkit-box;display:-ms-flexbox;display:flex}.Message{-webkit-box-align:center;-ms-flex-align:center;align-items:center;font-size:.9em;overflow:hidden;margin-bottom:1em;padding:.5em 1em;text-align:left;border-radius:5px}.Message svg{height:1em;width:1em;margin-right:.5em}.Message.Message-is-warning{background:#fcf0f2;color:#711423;border:1px solid #f3bac3}.Message.Message-is-success{background:#a6eac9;color:#1c422b;border:1px solid #b0ddc2}.RayID{padding:0;text-align:center;background:#dfbd9f}.RayID.RayID-Title,.RayID.RayID-Value{-webkit-box-flex:0;-ms-flex:0 0 auto;flex:0 0 auto;padding:1em;display:inline-block}.RayID.RayID-Value{background:#e7c9af;-webkit-box-flex:1;-ms-flex:1 1 auto;flex:1 1 auto;font-family:Monaco,\"Bitstream Vera Sans Mono\",\"Lucida Console\",Terminal,monospace}.StandardInput{position:relative;-webkit-user-select:auto;-moz-user-select:auto;-ms-user-select:auto;user-select:auto;-webkit-appearance:none;-moz-appearance:none;appearance:none;display:inline-block;text-align:left;font:inherit;color:\"#333333\";padding:.5em 1em;border:1px solid #cacaca;margin:0;border-radius:5px}.StandardInput:focus{outline:0;border-color:#777}.StandardInput.StandardInput-is-block{display:block;font-size:1em;width:100%}.StandardInput.StandardInput-is-code{font-family:Monaco,\"Bitstream Vera Sans Mono\",\"Lucida Console\",Terminal,monospace}.StandardInput.StandardInput-is-entry-code{font-size:20px}.StandardInput:-moz-placeholder,.StandardInput::-webkit-input-placeholder{font-family:inherit}.OrgAvatarLink{display:block;text-decoration:none;color:inherit}.OrgAvatarLink-logo img{margin-bottom:.5em}.App-name,.OrgAvatarLink-title{text-align:center;font-weight:200}.OrgAvatarLink-title{color:#4e5255;font-size:.8em}.App-name{font-size:1.5em}@media screen and (max-width:650px){.Button.Button-is-auth{margin:0 8px}.AuthFormLogin .AuthFormLogin-row{width:auto}.Content{margin:8px 0}}</style>\n\n <!-- URL polyfill for IE11 -->\n <script>!function(e){\"use strict\";function t(t){return!!t&&(\"Symbol\"in e&&\"iterator\"in e.Symbol&&\"function\"==typeof t[Symbol.iterator]||!!Array.isArray(t))}function n(e){return\"from\"in Array?Array.from(e):Array.prototype.slice.call(e)}!function(){var r,a=e.URL;try{if(a){if(\"searchParams\"in(r=new e.URL(\"http://example.com\")))return;\"href\"in r||(r=void 0)}}catch(e){}function i(e){var t=\"\",n=!0;return e.forEach(function(e){var r=encodeURIComponent(e.name),a=encodeURIComponent(e.value);n||(t+=\"&\"),t+=r+\"=\"+a,n=!1}),t.replace(/%20/g,\"+\")}function o(e,t){var n=e.split(\"&\");t&&-1===n[0].indexOf(\"=\")&&(n[0]=\"=\"+n[0]);var r=[];n.forEach(function(e){if(0!==e.length){var t=e.indexOf(\"=\");if(-1!==t)var n=e.substring(0,t),a=e.substring(t+1);else n=e,a=\"\";n=n.replace(/\\+/g,\" \"),a=a.replace(/\\+/g,\" \"),r.push({name:n,value:a})}});var a=[];return r.forEach(function(e){a.push({name:decodeURIComponent(e.name),value:decodeURIComponent(e.value)})}),a}function u(e){var r=this;this._list=[],null==e||(e instanceof u?this._list=o(String(e)):\"object\"==typeof e&&t(e)?n(e).forEach(function(e){if(!t(e))throw TypeError();var a=n(e);if(2!==a.length)throw TypeError();r._list.push({name:String(a[0]),value:String(a[1])})}):\"object\"==typeof e&&e?Object.keys(e).forEach(function(t){r._list.push({name:String(t),value:String(e[t])})}):(\"?\"===(e=String(e)).substring(0,1)&&(e=e.substring(1)),this._list=o(e))),this._url_object=null,this._setList=function(e){a||(r._list=e)};var a=!1;this._update_steps=function(){a||(a=!0,r._url_object&&(\"about:\"===r._url_object.protocol&&-1!==r._url_object.pathname.indexOf(\"?\")&&(r._url_object.pathname=r._url_object.pathname.split(\"?\")[0]),r._url_object.search=i(r._list),a=!1))}}function l(e,t){var n=0;this.next=function(){if(n>=e.length)return{done:!0,value:void 0};var r=e[n++];return{done:!1,value:\"key\"===t?r.name:\"value\"===t?r.value:[r.name,r.value]}}}function c(t,n){if(!(this instanceof e.URL))throw new TypeError(\"Failed to construct 'URL': Please use the 'new' operator.\");n&&(t=function(){if(r)return new a(t,n).href;var e;try{var i;if(\"[object OperaMini]\"===Object.prototype.toString.call(window.operamini)?((e=document.createElement(\"iframe\")).style.display=\"none\",document.documentElement.appendChild(e),i=e.contentWindow.document):document.implementation&&document.implementation.createHTMLDocument?i=document.implementation.createHTMLDocument(\"\"):document.implementation&&document.implementation.createDocument?((i=document.implementation.createDocument(\"http://www.w3.org/1999/xhtml\",\"html\",null)).documentElement.appendChild(i.createElement(\"head\")),i.documentElement.appendChild(i.createElement(\"body\"))):window.ActiveXObject&&((i=new window.ActiveXObject(\"htmlfile\")).write(\"<head></head><body></body>\"),i.close()),!i)throw Error(\"base not supported\");var o=i.createElement(\"base\");o.href=n,i.getElementsByTagName(\"head\")[0].appendChild(o);var u=i.createElement(\"a\");return u.href=t,u.href}finally{e&&e.parentNode.removeChild(e)}}());var i=function(e){if(r)return new a(e);var t=document.createElement(\"a\");return t.href=e,t}(t||\"\"),l=function(){if(!(\"defineProperties\"in Object))return!1;try{var e={};return Object.defineProperties(e,{prop:{get:function(){return!0}}}),e.prop}catch(e){return!1}}()?this:document.createElement(\"a\"),c=new u(i.search?i.search.substring(1):null);function s(){var e=i.href.replace(/#$|\\?$|\\?(?=#)/g,\"\");i.href!==e&&(i.href=e)}function f(){c._setList(i.search?o(i.search.substring(1)):[]),c._update_steps()}return c._url_object=l,Object.defineProperties(l,{href:{get:function(){return i.href},set:function(e){i.href=e,s(),f()},enumerable:!0,configurable:!0},origin:{get:function(){return\"origin\"in i?i.origin:this.protocol+\"//\"+this.host},enumerable:!0,configurable:!0},protocol:{get:function(){return i.protocol},set:function(e){i.protocol=e},enumerable:!0,configurable:!0},username:{get:function(){return i.username},set:function(e){i.username=e},enumerable:!0,configurable:!0},password:{get:function(){return i.password},set:function(e){i.password=e},enumerable:!0,configurable:!0},host:{get:function(){var e={\"http:\":/:80$/,\"https:\":/:443$/,\"ftp:\":/:21$/}[i.protocol];return e?i.host.replace(e,\"\"):i.host},set:function(e){i.host=e},enumerable:!0,configurable:!0},hostname:{get:function(){return i.hostname},set:function(e){i.hostname=e},enumerable:!0,configurable:!0},port:{get:function(){return i.port},set:function(e){i.port=e},enumerable:!0,configurable:!0},pathname:{get:function(){return\"/\"!==i.pathname.charAt(0)?\"/\"+i.pathname:i.pathname},set:function(e){i.pathname=e},enumerable:!0,configurable:!0},search:{get:function(){return i.search},set:function(e){i.search!==e&&(i.search=e,s(),f())},enumerable:!0,configurable:!0},searchParams:{get:function(){return c},enumerable:!0,configurable:!0},hash:{get:function(){return i.hash},set:function(e){i.hash=e,s()},enumerable:!0,configurable:!0},toString:{value:function(){return i.toString()},enumerable:!1,configurable:!0},valueOf:{value:function(){return i.valueOf()},enumerable:!1,configurable:!0}}),l}if(Object.defineProperties(u.prototype,{append:{value:function(e,t){this._list.push({name:e,value:t}),this._update_steps()},writable:!0,enumerable:!0,configurable:!0},delete:{value:function(e){for(var t=0;t<this._list.length;)this._list[t].name===e?this._list.splice(t,1):++t;this._update_steps()},writable:!0,enumerable:!0,configurable:!0},get:{value:function(e){for(var t=0;t<this._list.length;++t)if(this._list[t].name===e)return this._list[t].value;return null},writable:!0,enumerable:!0,configurable:!0},getAll:{value:function(e){for(var t=[],n=0;n<this._list.length;++n)this._list[n].name===e&&t.push(this._list[n].value);return t},writable:!0,enumerable:!0,configurable:!0},has:{value:function(e){for(var t=0;t<this._list.length;++t)if(this._list[t].name===e)return!0;return!1},writable:!0,enumerable:!0,configurable:!0},set:{value:function(e,t){for(var n=!1,r=0;r<this._list.length;)this._list[r].name===e?n?this._list.splice(r,1):(this._list[r].value=t,n=!0,++r):++r;n||this._list.push({name:e,value:t}),this._update_steps()},writable:!0,enumerable:!0,configurable:!0},entries:{value:function(){return new l(this._list,\"key+value\")},writable:!0,enumerable:!0,configurable:!0},keys:{value:function(){return new l(this._list,\"key\")},writable:!0,enumerable:!0,configurable:!0},values:{value:function(){return new l(this._list,\"value\")},writable:!0,enumerable:!0,configurable:!0},forEach:{value:function(e){var t=arguments.length>1?arguments[1]:void 0;this._list.forEach(function(n,r){e.call(t,n.value,n.name)})},writable:!0,enumerable:!0,configurable:!0},toString:{value:function(){return i(this._list)},writable:!0,enumerable:!1,configurable:!0}}),\"Symbol\"in e&&\"iterator\"in e.Symbol&&(Object.defineProperty(u.prototype,e.Symbol.iterator,{value:u.prototype.entries,writable:!0,enumerable:!0,configurable:!0}),Object.defineProperty(l.prototype,e.Symbol.iterator,{value:function(){return this},writable:!0,enumerable:!0,configurable:!0})),a)for(var s in a)a.hasOwnProperty(s)&&\"function\"==typeof a[s]&&(c[s]=a[s]);e.URL=c,e.URLSearchParams=u}(),function(){if(\"1\"!==new e.URLSearchParams([[\"a\",1]]).get(\"a\")||\"1\"!==new e.URLSearchParams({a:1}).get(\"a\")){var r=e.URLSearchParams;e.URLSearchParams=function(e){if(e&&\"object\"==typeof e&&t(e)){var a=new r;return n(e).forEach(function(e){if(!t(e))throw TypeError();var r=n(e);if(2!==r.length)throw TypeError();a.append(r[0],r[1])}),a}return e&&\"object\"==typeof e?(a=new r,Object.keys(e).forEach(function(t){a.set(t,e[t])}),a):new r(e)}}}()}(self);</script>\n <script>\"use strict\";var get=function(t){return Array.prototype.slice.call(document.querySelectorAll(t))},addFragmentToURLState=function(t){if(!t)return t;var e=new URL(t);if(e&&\"\"!==fragment&&fragment.length<100){var a=window.btoa(JSON.stringify({fragment:\"#\"===fragment[0]?fragment:\"#\".concat(fragment)})),r=e.searchParams.get(\"state\"),n=e.searchParams.get(\"RelayState\");r?e.searchParams.set(\"state\",\"\".concat(r,\".\").concat(a)):n&&e.searchParams.set(\"RelayState\",\"\".concat(n,\".\").concat(a))}return e.toString()},fragment=window.location.hash||\"\",article=document.querySelector(\"#data\"),dset=article.dataset,autoRedirectToIdentity=\"true\"===dset.autoRedirectToIdentity,autoRedirectURL=addFragmentToURLState(dset.autoRedirectUrl),message=dset.message;autoRedirectURL&&autoRedirectToIdentity&&(message||(window.location=autoRedirectURL));</script>\n </head>\n\n <body>\n <div class=\"base_AccessLogo\">\n <svg width=\"339\" height=\"50\" fill=\"none\" viewBox=\"0 0 339 50\"><path d=\"M42.8 2.847A20.9 20.9 0 0 0 30.343 6.97a21.6 21.6 0 0 0-7.703 10.806l-.14.449h3.9l.09-.215a17.76 17.76 0 0 1 7.47-8.88 17.2 17.2 0 0 1 11.254-2.255 17.38 17.38 0 0 1 10.206 5.342 18.02 18.02 0 0 1 4.772 10.642c.374 3.993-.58 8-2.71 11.372a17.56 17.56 0 0 1-9.03 7.217 17.17 17.17 0 0 1-11.469-.038A17.57 17.57 0 0 1 28 34.133c-.1-.153-.19-.306-.28-.47l-.2-.357h-4.09l.24.5q.556 1.22 1.27 2.347a21.4 21.4 0 0 0 8.002 7.497 20.86 20.86 0 0 0 10.59 2.47 20.9 20.9 0 0 0 10.4-3.203 21.47 21.47 0 0 0 7.481-8.038 22 22 0 0 0 2.6-10.763 22 22 0 0 0-2.962-10.664 21.4 21.4 0 0 0-7.75-7.77A20.9 20.9 0 0 0 42.8 2.848\" fill=\"#fff\"/><path d=\"m43.79 21.52-7.43-7.581-2.47 2.52 4.32 4.419H6l2.08 3.56H42.6zM43.74 37.602l-2.47-2.52 4.32-4.419H11.7l-2.07-3.57h40.35l1.19 2.928zM327.359 19.158q1.95 1.248 2.239 4.295h-4.341q-.091-.837-.472-1.325-.717-.883-2.438-.883-1.416 0-2.026.441-.594.442-.594 1.036 0 .746.64 1.082.64.35 4.524 1.203 2.59.609 3.885 1.843 1.28 1.25 1.279 3.123 0 2.467-1.843 4.037-1.828 1.554-5.667 1.554-3.915 0-5.788-1.646-1.859-1.66-1.859-4.22h4.403q.137 1.159.594 1.646.807.868 2.986.868 1.28 0 2.025-.38.762-.381.762-1.143 0-.73-.609-1.112-.609-.38-4.524-1.31-2.818-.7-3.976-1.752-1.158-1.036-1.158-2.985 0-2.3 1.798-3.946 1.812-1.66 5.087-1.66 3.108 0 5.073 1.234M310.929 19.158q1.95 1.248 2.24 4.295h-4.342q-.091-.837-.472-1.325-.716-.883-2.437-.883-1.417 0-2.026.441-.594.442-.594 1.036 0 .746.639 1.082.64.35 4.525 1.203 2.59.609 3.884 1.843 1.28 1.25 1.28 3.123 0 2.467-1.844 4.037-1.827 1.554-5.666 1.554-3.915 0-5.789-1.646-1.858-1.66-1.858-4.22h4.402q.137 1.159.594 1.646.808.868 2.986.868 1.28 0 2.026-.38.761-.381.761-1.143 0-.73-.609-1.112-.609-.38-4.524-1.31-2.818-.7-3.976-1.752-1.158-1.036-1.158-2.985 0-2.3 1.798-3.946 1.812-1.66 5.088-1.66 3.107 0 5.072 1.234M297.272 30.125q-.167 1.478-1.538 3.001-2.133 2.422-5.971 2.422-3.169 0-5.591-2.041t-2.422-6.642q0-4.31 2.178-6.61 2.195-2.3 5.682-2.3 2.072 0 3.732.776 1.66.777 2.742 2.452.975 1.479 1.265 3.428.167 1.142.137 3.29h-11.364q.091 2.499 1.569 3.504.898.624 2.163.624 1.341 0 2.178-.761.457-.411.808-1.143zm-4.295-5.088q-.107-1.72-1.051-2.604-.93-.9-2.316-.9-1.507 0-2.346.945-.822.945-1.035 2.56zM280.997 24.352h-4.448a3.9 3.9 0 0 0-.625-1.675q-.73-1.006-2.27-1.006-2.193 0-3.001 2.178-.426 1.158-.426 3.078 0 1.827.426 2.94.777 2.07 2.925 2.071 1.524 0 2.163-.822.64-.823.777-2.133h4.433q-.153 1.98-1.432 3.747-2.042 2.85-6.047 2.849-4.006 0-5.896-2.376-1.888-2.377-1.888-6.17 0-4.28 2.086-6.657Q269.862 18 273.532 18q3.123 0 5.104 1.401 1.995 1.402 2.361 4.951M264.567 24.352h-4.448a3.85 3.85 0 0 0-.625-1.675q-.731-1.006-2.269-1.006-2.194 0-3.001 2.178-.427 1.158-.427 3.078 0 1.827.427 2.94.777 2.07 2.924 2.071 1.524 0 2.164-.822.64-.823.776-2.133h4.433q-.152 1.98-1.432 3.747-2.04 2.85-6.047 2.849t-5.895-2.376q-1.89-2.377-1.889-6.17 0-4.28 2.087-6.657Q253.431 18 257.103 18q3.123 0 5.103 1.401 1.995 1.402 2.361 4.951M242.09 30.384h-8.272L232.264 35h-4.905l8.013-22.454h5.301L248.625 35h-5.088zm-1.31-3.869-2.803-8.835-2.895 8.835zM219.788 30.125q-.168 1.478-1.539 3.001-2.132 2.422-5.971 2.422-3.168 0-5.59-2.041t-2.422-6.642q0-4.31 2.178-6.61 2.193-2.3 5.682-2.3 2.071 0 3.732.776 1.66.777 2.742 2.452.975 1.479 1.264 3.428.168 1.142.137 3.29h-11.364q.091 2.499 1.569 3.504.9.624 2.164.624 1.34 0 2.178-.761.457-.411.807-1.143zm-4.296-5.088q-.106-1.72-1.051-2.604-.929-.9-2.315-.9-1.508 0-2.346.945-.822.945-1.036 2.56zM202.702 22.402q-2.62 0-3.519 1.706-.503.96-.503 2.956V35h-4.371V18.396h4.143v2.894q1.005-1.66 1.752-2.27 1.218-1.02 3.168-1.02.121 0 .198.015.091 0 .381.015v4.448a12 12 0 0 0-1.249-.076M178.549 20.194q1.72-2.194 5.91-2.194 2.727 0 4.844 1.081 2.118 1.082 2.118 4.083v7.616q0 .792.03 1.92.045.853.259 1.157.213.306.64.503V35h-4.722a4.8 4.8 0 0 1-.275-.944 12 12 0 0 1-.122-1.006 9 9 0 0 1-2.071 1.66q-1.402.808-3.169.808-2.254 0-3.732-1.28-1.462-1.294-1.462-3.656 0-3.06 2.361-4.432 1.295-.747 3.808-1.067l1.478-.182q1.203-.153 1.721-.381.93-.396.929-1.234 0-1.02-.716-1.402-.7-.396-2.071-.396-1.539 0-2.179.762-.456.564-.609 1.523h-4.189q.137-2.178 1.219-3.58m3.229 11.668q.61.503 1.493.503 1.401 0 2.574-.823 1.189-.823 1.234-3v-1.616a5 5 0 0 1-.838.427 7.3 7.3 0 0 1-1.142.29l-.975.182q-1.371.244-1.965.594-1.005.594-1.005 1.843 0 1.113.624 1.6M167.682 12.41v3.534q-.306-.015-.595-.015-.288-.015-.7-.016-1.021 0-1.249.564-.23.564-.198 1.767v.305h2.848v3.061h-2.848V35h-4.327V21.61h-2.422V18.55h2.377v-1.067q0-2.65 1.173-3.945 1.05-1.218 4.28-1.219.396 0 .807.03.412.031.854.062m7.007.137V35h-4.326V12.547zM156.763 12.577V35h-4.219v-2.3q-.93 1.477-2.118 2.148-1.188.67-2.955.67-2.909 0-4.905-2.346-1.98-2.361-1.98-6.047 0-4.25 1.95-6.688Q144.501 18 147.776 18q1.508 0 2.681.67a5.2 5.2 0 0 1 1.904 1.828v-7.92zm-11.699 14.228q0 2.3.914 3.67.9 1.387 2.742 1.387t2.803-1.37q.96-1.372.96-3.55 0-3.046-1.539-4.357a3.3 3.3 0 0 0-2.193-.792q-1.905 0-2.803 1.447-.884 1.432-.884 3.565M134.164 32.654q-.06.075-.304.457a3 3 0 0 1-.579.67q-1.021.915-1.981 1.25-.944.334-2.224.334-3.685 0-4.966-2.65-.715-1.463-.715-4.31V18.395h4.448v10.008q0 1.417.335 2.133.594 1.264 2.33 1.264 2.225 0 3.047-1.797.426-.976.426-2.575v-9.033h4.403V35h-4.22zM119.227 20.498q2.102 2.636 2.102 6.23 0 3.657-2.102 6.261-2.102 2.59-6.383 2.59-4.28 0-6.382-2.59-2.103-2.604-2.103-6.26 0-3.596 2.103-6.23 2.101-2.636 6.382-2.636t6.383 2.635m-6.398 1.036q-1.905 0-2.94 1.356-1.02 1.34-1.021 3.838t1.021 3.854q1.035 1.356 2.94 1.356 1.903 0 2.925-1.356 1.02-1.356 1.02-3.854t-1.02-3.838q-1.022-1.356-2.925-1.356M97.727 12.546h4.341V35h-4.341zM92.22 33.324q-2.514 2.3-6.429 2.3-4.844 0-7.616-3.107-2.773-3.123-2.773-8.56 0-5.88 3.154-9.064 2.742-2.773 6.976-2.773 5.667 0 8.287 3.717 1.448 2.087 1.554 4.189H90.68q-.457-1.614-1.173-2.437-1.28-1.463-3.793-1.463-2.56 0-4.037 2.072-1.477 2.057-1.477 5.834 0 3.778 1.553 5.667 1.57 1.875 3.976 1.874 2.468 0 3.763-1.615.716-.868 1.188-2.605h4.646q-.609 3.671-3.108 5.971\" fill=\"#fff\"/></svg>\n </div>\n <div class=\"Content\">\n\n <div class=\"AuthBox\">\n <div class=\"AuthBox-body\">\n <a class=\"OrgAvatarLink\" href=''>\n <div class=\"OrgAvatarLink-logo\">\n <img height=50 src=\"https:&#x2F;&#x2F;s.cystack.net&#x2F;resource&#x2F;cystack&#x2F;CyStack-Black.svg\" style=\"display:none;\" onload=\"this.style.display=''\"></img>\n </div>\n <div class=\"OrgAvatarLink-title\">\n CyStack\n </div>\n </a>\n <div class=\"AuthBox-App\">\n <div class=\"App-name\">\n CyStack Blog\n </div>\n\n </div>\n <div class=\"AuthBox-Normal\">\n <div class=\"AuthBox-text\">\n Sign in with:\n </div>\n <div class=\"AuthServiceLogin\">\n <div class=\"AuthServiceLogin-row AuthServiceLogin-row-is-only\">\n <a class=\" Button Button-is-block Button-is-auth js-idp\" data-idp=\"Google\" title=\"Google ・ CyStack\"\n href=\"https:&#x2F;&#x2F;accounts.google.com&#x2F;o&#x2F;oauth2&#x2F;auth?client_id&#x3D;306229843697-8ot9f4phmrpr35gahbe3cvf5agj6nhs6.apps.googleusercontent.com&amp;redirect_uri&#x3D;https%3A%2F%2Fcystack.cloudflareaccess.com%2Fcdn-cgi%2Faccess%2Fcallback&amp;response_type&#x3D;code&amp;state&#x3D;0991c4d62270a4a5ef4ed01475c471e01c57a5e13461d9f00ecfdcf7f662ec7c.JTdCJTIyaWF0JTIyJTNBMTc3ODQ2NDQ2MiUyQyUyMmF1dGhEb21haW4lMjIlM0ElMjJjeXN0YWNrLmNsb3VkZmxhcmVhY2Nlc3MuY29tJTIyJTJDJTIyaG9zdG5hbWUlMjIlM0ElMjJibG9nLmN5c3RhY2sub3JnJTIyJTJDJTIycmVkaXJlY3RVUkwlMjIlM0ElMjIlMkZsYWJzJTJGd3AtanNvbiUyRndwJTJGcmFua21hdGglMkZ2MSUyRmdldEhlYWQlM0Z1cmwlM0RodHRwcyUzQSUyNTJGJTI1MkZibG9nLmN5c3RhY2sub3JnJTI1MkZsYWJzJTI1MkYyMDI1JTI1MkYxMSUyNTJGMTklMjUyRmN2ZS0yMDI1LTU5ODM3LWFzdHJvLXNzcmYtYnlwYXNzJTI1MkYlMjIlMkMlMjJhdWQlMjIlM0ElMjJkMDhjYzMxMmQzNTgwMjY4ZGYzYWNhMjRjYjRmNGI3NDZhYTU1OGVkMGEzODRjYjRkNzNkZDc2OGViMDIwMWY3JTIyJTJDJTIyaXNTYW1lU2l0ZU5vbmVDb21wYXRpYmxlJTIyJTNBdHJ1ZSUyQyUyMmlzSURQVGVzdCUyMiUzQWZhbHNlJTJDJTIyaXNSZWZyZXNoJTIyJTNBZmFsc2UlMkMlMjJub25jZSUyMiUzQSUyMm51dDl2OVRjbENqOU52RVRRJTIyJTJDJTIyaWRwSWQlMjIlM0ElMjI4OTM1NTNmNi0yMDVjLTRjY2MtOWMxZS1jMzA5NDhlN2Y4NWMlMjIlMkMlMjJzZXJ2aWNlX3Rva2VuX3N0YXR1cyUyMiUzQWZhbHNlJTJDJTIyYXV0aF9zdGF0dXMlMjIlM0ElMjJOT05FJTIyJTJDJTIyaXNfd2FycCUyMiUzQWZhbHNlJTJDJTIyaXNfZ2F0ZXdheSUyMiUzQWZhbHNlJTJDJTIybXRsc19hdXRoJTIyJTNBJTdCJTIyY2VydF9pc3N1ZXJfZG4lMjIlM0ElMjIlMjIlMkMlMjJjZXJ0X3NlcmlhbCUyMiUzQSUyMiUyMiUyQyUyMmNlcnRfaXNzdWVyX3NraSUyMiUzQSUyMiUyMiUyQyUyMmNlcnRfcHJlc2VudGVkJTIyJTNBZmFsc2UlMkMlMjJjb21tb25fbmFtZSUyMiUzQSUyMiUyMiUyQyUyMmF1dGhfc3RhdHVzJTIyJTNBJTIyTk9ORSUyMiU3RCUyQyUyMmFwcFNlc3Npb25IYXNoJTIyJTNBJTIyMzQ1OWNmMTRkZWJkMjkxYzUxMDFlY2QyYzM3NmQ5N2JkMDUwZDJmMjgzYjdkZDU0MWFlZjU1Mzk5Zjg4ZGE4NiUyMiU3RA%253D%253D&amp;scope&#x3D;email+profile+openid\" accesskey=\"1\" id=\"idp1\">\n <div class=\"Button-auth-service-icon\"><svg viewBox=\"0 0 256 262\"><path d=\"M13.925 71.947C5.077 89.644 0 109.517 0 130.55s5.077 40.905 13.925 58.602C35.393 231.798 79.49 261.1 130.55 261.1c35.248 0 64.839-11.605 86.453-31.622 24.659-22.774 38.875-56.282 38.875-96.027 0-10.734-.871-18.567-2.756-26.69H130.55v48.448h71.947c-1.45 12.04-9.283 30.172-26.69 42.356-11.024 7.688-25.82 13.055-45.257 13.055-34.523 0-63.824-22.773-74.269-54.25-2.756-8.123-4.351-16.827-4.351-25.82 0-8.994 1.595-17.697 4.206-25.82 10.59-31.477 39.891-54.251 74.414-54.251 24.514 0 41.05 10.589 50.479 19.438l36.844-35.974C195.245 12.91 165.798 0 130.55 0 79.49 0 35.393 29.301 13.925 71.947z\"></path></svg></div>\n <div class=\"AuthBoxRow--name\">Google ・ CyStack</div>\n </a>\n </div>\n </div>\n <div class=\"AuthBox-RequestCode AuthBox-RequestCode__idpsExist\">\n <div class=\"AuthBox-text\">Get a login code emailed to you</div>\n <form class=\"AuthFormLogin\" action='https:&#x2F;&#x2F;cystack.cloudflareaccess.com&#x2F;cdn-cgi&#x2F;access&#x2F;verify-code&#x2F;blog.cystack.org?kid&#x3D;d08cc312d3580268df3aca24cb4f4b746aa558ed0a384cb4d73dd768eb0201f7&amp;meta&#x3D;eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjA4YWQ1NGZmYjhlMGQ4YTQxMTNkNzEzOTVkNDQ4ZjU4ZjZlMDEyMjljOWU2MGVkMjNiOWI5N2Q2YTA3ZjUwMzIifQ.eyJ0eXBlIjoibWV0YSIsImF1ZCI6ImQwOGNjMzEyZDM1ODAyNjhkZjNhY2EyNGNiNGY0Yjc0NmFhNTU4ZWQwYTM4NGNiNGQ3M2RkNzY4ZWIwMjAxZjciLCJob3N0bmFtZSI6ImJsb2cuY3lzdGFjay5vcmciLCJyZWRpcmVjdF91cmwiOiIvbGFicy93cC1qc29uL3dwL3JhbmttYXRoL3YxL2dldEhlYWQ_dXJsPWh0dHBzOiUyRiUyRmJsb2cuY3lzdGFjay5vcmclMkZsYWJzJTJGMjAyNSUyRjExJTJGMTklMkZjdmUtMjAyNS01OTgzNy1hc3Ryby1zc3JmLWJ5cGFzcyUyRiIsInNlcnZpY2VfdG9rZW5fc3RhdHVzIjpmYWxzZSwiaXNfd2FycCI6ZmFsc2UsImlzX2dhdGV3YXkiOmZhbHNlLCJleHAiOjE3Nzg0NjQ3NjEsIm5iZiI6MTc3ODQ2NDQ2MSwiaWF0IjoxNzc4NDY0NDYxLCJhdXRoX3N0YXR1cyI6Ik5PTkUiLCJtdGxzX2F1dGgiOnsiY2VydF9pc3N1ZXJfZG4iOiIiLCJjZXJ0X3NlcmlhbCI6IiIsImNlcnRfaXNzdWVyX3NraSI6IiIsImNlcnRfcHJlc2VudGVkIjpmYWxzZSwiY29tbW9uX25hbWUiOiIiLCJhdXRoX3N0YXR1cyI6Ik5PTkUifSwicmVhbF9jb3VudHJ5IjoiU0ciLCJhcHBfc2Vzc2lvbl9oYXNoIjoiMzQ1OWNmMTRkZWJkMjkxYzUxMDFlY2QyYzM3NmQ5N2JkMDUwZDJmMjgzYjdkZDU0MWFlZjU1Mzk5Zjg4ZGE4NiJ9.BE-Vl4Y21o71N_abOMQT2Uzz5GdxFx6VXfGf3UTpatUwbm863cZua7Iq90Or0-QoK_81lBBedNJ115zRCwEKgPH-4Fo0X_3tZoqM2TQcrlTfPGV4qYkPQVjVvsoFUSkhtQ4hMF5EHD4ffnni1I45Lq-URi0AefMCvB_LARBpylkH-UacJoAvI02M2p-hETi8rcOoKW9M-mzPuvR_G0WvxMXPPFmPuasIAQKAy71b8lvi_3x11H0g_ngdz2bTzpOCXelCQM3CAxYaEZrJ3GD1z0_5ZqinZ-Uw2YZx-j2jwiaLZ1Z2L99bDbaYfihw_B2owscX-aTp19OvJYM7sp62Mg&amp;redirect_url&#x3D;%2Flabs%2Fwp-json%2Fwp%2Frankmath%2Fv1%2FgetHead%3Furl%3Dhttps%3A%252F%252Fblog.cystack.org%252Flabs%252F2025%252F11%252F19%252Fcve-2025-59837-astro-ssrf-bypass%252F' method=\"post\" id=\"totp-form\">\n <div class=\"AuthFormLogin-row\">\n <label>Email</label>\n <input class=\"StandardInput StandardInput-is-block EmailInput\" type=\"email\" required\n placeholder=\"example@email.com\" spellcheck=\"false\" autocomplete=\"off\" autocapitalize=\"none\"\n autofocus name=\"email\">\n <input hidden type=\"text\" name=\"client_id\" value=''>\n <input hidden type=\"text\" name=\"connector_id\" value=''>\n <input hidden type=\"text\" name=\"connector_type\" value=''>\n <input hidden type=\"text\" name=\"redirect_url\" value=''>\n </div>\n <div class=\"AuthFormLogin-row\">\n <button type=\"submit\" form=\"totp-form\" class=\"Button Button-is-block Button-is-juicy Button-uses-org-theme-accent-color\">\n Send me a code\n </button>\n </div>\n </form>\n </div>\n\n </div>\n </div>\n </div>\n </div>\n <div class=\"base_TeamsLogo\">\n <svg width=\"281\" height=\"50\" fill=\"none\" viewBox=\"0 0 281 50\"><path d=\"M54.062 25 42.03 45.838H17.97L5.937 25 17.97 4.162H42.03zm-43.505 0 9.721 16.838h19.443L49.442 25 39.721 8.162H20.278zm22.642 10h-4V19.829l-3.268 3.268-2.829-2.829 4.869-4.868h5.228zM274.444 30.125q-.167 1.478-1.538 3.001-2.132 2.422-5.972 2.422-3.168 0-5.59-2.041t-2.422-6.642q0-4.31 2.178-6.61 2.195-2.3 5.682-2.3 2.071 0 3.732.776 1.66.777 2.742 2.452.975 1.479 1.264 3.428.168 1.142.138 3.29h-11.364q.091 2.499 1.569 3.504.898.624 2.163.624 1.34 0 2.178-.761.458-.411.807-1.143zm-4.295-5.088q-.108-1.72-1.051-2.604-.93-.9-2.316-.9-1.507 0-2.346.945-.822.945-1.036 2.56zM249.909 21.61q-2.209 0-3.031 1.874-.427.99-.427 2.528V35h-4.326V18.427h4.189v2.422q.838-1.28 1.584-1.844Q249.238 18 251.295 18q2.574 0 4.205 1.356 1.644 1.34 1.645 4.463V35h-4.448V24.9q0-1.31-.351-2.01-.64-1.28-2.437-1.28M229.031 35.625q-4.813 0-7.357-2.62-3.412-3.214-3.412-9.262 0-6.17 3.412-9.262 2.544-2.62 7.357-2.62t7.358 2.62q3.397 3.093 3.397 9.262 0 6.048-3.397 9.262-2.544 2.62-7.358 2.62m4.433-6.032q1.63-2.057 1.63-5.85 0-3.777-1.645-5.834-1.63-2.072-4.418-2.072-2.787 0-4.448 2.057-1.66 2.055-1.66 5.849t1.66 5.85 4.448 2.056q2.788 0 4.433-2.056M208.788 30.125q-.168 1.478-1.539 3.001-2.132 2.422-5.971 2.422-3.168 0-5.59-2.041t-2.422-6.642q0-4.31 2.178-6.61 2.193-2.3 5.682-2.3 2.071 0 3.732.776 1.66.777 2.742 2.452.975 1.479 1.264 3.428.168 1.142.137 3.29h-11.364q.091 2.499 1.569 3.504.9.624 2.164.624 1.34 0 2.178-.761.457-.411.807-1.143zm-4.296-5.088q-.106-1.72-1.051-2.604-.929-.9-2.315-.9-1.508 0-2.346.945-.822.945-1.036 2.56zM191.702 22.402q-2.62 0-3.519 1.706-.503.96-.503 2.956V35h-4.371V18.396h4.143v2.894q1.005-1.66 1.752-2.27 1.218-1.02 3.168-1.02.121 0 .198.015.091 0 .381.015v4.448a12 12 0 0 0-1.249-.076M167.549 20.194q1.72-2.194 5.91-2.194 2.727 0 4.844 1.081 2.118 1.082 2.118 4.083v7.616q0 .792.03 1.92.045.853.259 1.157.213.306.64.503V35h-4.722a4.8 4.8 0 0 1-.275-.944 12 12 0 0 1-.122-1.006 9 9 0 0 1-2.071 1.66q-1.402.808-3.169.808-2.254 0-3.732-1.28-1.462-1.294-1.462-3.656 0-3.06 2.361-4.432 1.295-.747 3.808-1.067l1.478-.182q1.203-.153 1.721-.381.93-.396.929-1.234 0-1.02-.716-1.402-.7-.396-2.071-.396-1.539 0-2.179.762-.456.564-.609 1.523h-4.189q.137-2.178 1.219-3.58m3.229 11.668q.61.503 1.493.503 1.401 0 2.574-.823 1.189-.823 1.234-3v-1.616a5 5 0 0 1-.838.427 7.3 7.3 0 0 1-1.142.29l-.975.182q-1.371.244-1.965.594-1.005.594-1.005 1.843 0 1.113.624 1.6M156.682 12.41v3.534q-.306-.015-.595-.015-.288-.015-.7-.016-1.021 0-1.249.564-.23.564-.198 1.767v.305h2.848v3.061h-2.848V35h-4.327V21.61h-2.422V18.55h2.377v-1.067q0-2.65 1.173-3.945 1.05-1.218 4.28-1.219.396 0 .807.03.412.031.854.062m7.007.137V35h-4.326V12.547zM145.763 12.577V35h-4.219v-2.3q-.93 1.477-2.118 2.148-1.188.67-2.955.67-2.909 0-4.905-2.346-1.98-2.361-1.98-6.047 0-4.25 1.95-6.688Q133.501 18 136.776 18q1.508 0 2.681.67a5.2 5.2 0 0 1 1.904 1.828v-7.92zm-11.699 14.228q0 2.3.914 3.67.9 1.387 2.742 1.387t2.803-1.37q.96-1.372.96-3.55 0-3.046-1.539-4.357a3.3 3.3 0 0 0-2.193-.792q-1.905 0-2.803 1.447-.884 1.432-.884 3.565M123.164 32.654q-.06.076-.304.457a3 3 0 0 1-.579.67q-1.021.915-1.981 1.25-.944.334-2.224.334-3.685 0-4.966-2.65-.715-1.463-.715-4.31V18.395h4.448v10.008q0 1.417.335 2.133.594 1.264 2.33 1.264 2.225 0 3.047-1.797.426-.976.426-2.575v-9.033h4.403V35h-4.22zM108.227 20.498q2.102 2.636 2.102 6.23 0 3.657-2.102 6.261-2.102 2.59-6.383 2.59-4.28 0-6.382-2.59-2.103-2.604-2.103-6.26 0-3.596 2.103-6.23 2.101-2.636 6.382-2.636t6.383 2.635m-6.398 1.036q-1.905 0-2.94 1.356-1.02 1.34-1.02 3.838t1.02 3.854q1.035 1.356 2.94 1.356 1.903 0 2.925-1.356 1.02-1.356 1.02-3.854t-1.02-3.838q-1.022-1.356-2.925-1.356M86.727 12.546h4.341V35h-4.341zM81.22 33.324q-2.514 2.3-6.429 2.3-4.844 0-7.616-3.107-2.773-3.123-2.773-8.56 0-5.88 3.154-9.064 2.742-2.773 6.976-2.773 5.667 0 8.287 3.717 1.448 2.087 1.554 4.189H79.68q-.457-1.614-1.173-2.437-1.28-1.463-3.793-1.463-2.56 0-4.037 2.072-1.477 2.057-1.477 5.834 0 3.778 1.553 5.667 1.57 1.875 3.976 1.874 2.468 0 3.763-1.615.716-.868 1.188-2.605h4.646q-.609 3.671-3.108 5.971\" fill=\"#fff\"/></svg>\n </div>\n\n <script>\"use strict\";if(document.addEventListener(\"keyup\",function(e){if(\"BODY\"===e.target.nodeName&&e.key>=1&&e.key<=10){var t=document.getElementById(\"idp\"+e.key);window.location=t.getAttribute(\"href\")}},!1),\"\"!==fragment&&fragment.length<100){var services=get(\".js-idp\")||[];services.map(function(e){return e.href=addFragmentToURLState(e.href),e})}</script>\n </body>\n\n</html>"