Some cloud-hosted Gatsby websites were vulnerable to SSRF and XSS attacks because of a high-risk flaw in the Gatsby Cloud Image CDN service. Sam Curry, a security engineer at Yuga Labs, and Shubham Shah, a security researcher and the CTO of Assetnote, found and reported the flaw.
Gatsby is an open source JavaScript framework based on React for generating static websites, and Gatsby Cloud is an online platform for creating and hosting Gatsby websites. With the Image CDN from Gatsby Cloud, websites can load resources from edge servers more quickly.